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(57) A memory card 110 performs decryption 
processing to extract a session key Ks from data applied 
from a server to a data bus BS3 over a cellular phone 
network. An encryption processing unit 1406 encrypts 
public encryption key KPcard(1) of memory card 110 
based on session key Ks, and applies the same to the 



server via data bus BS3. A register 1 500 receives and 
stores data such as decrypted license ID and user ID 
from the server, and a memory 1 41 2 receives and stores 
encrypted content data [Dc]Kc applied from data bus 
BS3 and encrypted with a license key Kc. 
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Description 

Technical Field 

[0001] The present invention relates to a data distri- s 
bution system for distributing information to terminals 
such as cellular phones, and particularly to a data dis- 
tribution system, which can secure a copyright relating 
to copied information. 

10 

Background Art 

[0002] By virtue of the progress in information com- 
munication networks and the like such as the Internet in 
these few years, each user can now easily access net- is 
work information through individual-oriented terminals 
employing a cellular phone or the like. 
[0003] In such information communication, informa- 
tion is transmitted through digital signals. It is now pos- 
sible to obtain copied music and video information trans- 20 
mitted via the aforementioned information communica- 
tion network without degradation in the audio quality and 
picture quality of the copy data, even in the case where 
an individual user performs the copy. 
[0004] Thus, there is a possibility of the copyright of 25 
the copyright owner being significantly infringed unless 
some appropriate measures to protect copyrights are 
taken when any content data subject to copyright pro- 
tection such as music data and image data is to be trans- 
mitted on the information communication network. 30 
[0005] However, if copyright protection is given top 
priority so that distribution of content data through the 
disseminating digital information communication net- 
work is suppressed, the copyright owner who can es- 
sentially collect a predetermined copyright royalty for 35 
copies of a copyrighted work will also incur some dis- 
benefit. 

[0006] Instead of the distribution over the digital infor- 
mation communication network described above, distri- 
bution may be performed via record mediums storing *o 
digital data. In connection with the latter case, music da- 
ta stored in CDs (compact disks) on the market can be 
freely copied in principle into magneto-optical disks (e. 
g., MDs) as long as the duplication is only for the per- 
sonal use. However, a personal user performing digital *5 
recording or the like indirectly pays predetermined 
amounts in prices of the digital recording device itself 
and the medium as guaranty moneys to a copyright 
holder, 

[0007] However, the music data is digital data, which so 
does not cause deterioration of information when it is 
copied as digital signals from a CD to an MD. Therefore, 
for the copyright protection, such structures are em- 
ployed that the music information cannot be copied as 
digital data from the recordable MD to another music 55 
data. 

[0008] Under present circumstances, therefore, digit- 
al data can be freely copied from a CD to an MD, i.e., 



from a master of digital record medium to a slave, but 
cannot be copied from a recordable MD to another MD. 
[0009] In view of the above, the public distribution it- 
self of the music data and image data over the digital 
information communication network is restricted by the 
public transmission right of the copyright holder, and 
therefore sufficient measures must be taken for the cop- 
yright protection. 

[001 0] For the above case, it is naturally necessary to 
inhibit such an act that a user, who is not originally au- 
thorized, receives copyrighted data distributed to the 
public over the information communication network. 
Further, it is necessary to inhibit such an act that copy- 
righted data, which was once received by an authorized 
user, is further duplicated without authorization. 

Disclosure of the Invention 

[0011] An object of the invention is to provide an in- 
formation distribution system for distributing copyright- 
ed data over an information network such a cellular 
phone network, and particularly an information distribu- 
tion system, in which only users having proper access 
rights can receive such information. 
[001 2] Another object of the invention is to provide an 
information distribution system, which can protect dis- 
tributed copyrighted data from being duplicated without 
authorization from a copyright holder. 
[001 3] For achieving the above objects, the invention 
provides a data distribution system for distributing en- 
crypted content data to each of terminals of a plurality 
of users from a content data supply device. 
[001 4] The content data supply device includes a first 
interface unit, a first session key generating unit, a ses- 
sion key encryption processing unit, a session key de- 
crypting unit, a first license data encryption processing 
unit and a second license data encryption processing 
unit. 

[001 5] The first interface unit externally transmits da- 
ta. 

[001 6] The first session key generating unit produces 
a first symmetric key to be updated in response to every 
transmission of the encrypted content data. The session 
key encryption processing unit encrypts the first sym- 
metric key with a first public encryption key predeter- 
mined corresponding to the user's terminal, and applies 
the same to the first interface unit. The session key de- 
crypting unit decrypts returned data encrypted with the 
first symmetric key. 

[0017] The first license data encryption processing 
unit encrypts a license key for decrypting the encrypted 
content data using, as key data, the data decrypted by 
the session key decrypting unit. The second license da- 
ta encryption processing unit further encrypts an output 
of the first license data encryption processing unit with 
a second symmetric key, and applies the same to the 
first interface unit for distribution. 
[001 8] Each of the terminals includes a second inter- 
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face unit and a distributed data decoding unit. 
[0019] The second interface unit externally transmits 
the data. 

[0020] The distributed data decoding unit receives 
and stores the encrypted content data. The distributed 
data decoding unit includes a first key holding unit, a 
first decryption processing unit, a second key holding 
unit, a first encryption processing unit, a second decryp- 
tion processing unit, a first memory unit, a third key hold- 
ing unit and a third decryption processing unit. 
[0021] The first key holding unit holds a first private 
decryption key for decrypting the data encrypted by the 
first public encryption key, and the first decryption 
processing unit receives and decrypts the first symmet- 
ric key encrypted with the first public encryption key. 
[0022] The second key holding unit holds a second 
public encryption key. The first encryption processing 
unit encrypts the second public encryption key based 
on the first symmetric key, and outputs the same to the 
second interface unit. 

[0023] The second decryption processing unit re- 
ceives the license key encrypted by the second license 
data encryption processing unit, and decrypts the same 
based on the second symmetric key. 
[0024] The first memory unit stores the encrypted 
content data allowing decryption based on the license 
key. 

[0025] The third key holding unit holds a second pri- 
vate decryption key for decrypting the data encrypted 
with the second public encryption key. The third decryp- 
tion processing unit decrypts the license key with the 
second private decryption key based on a result of the 
decryption by the second decryption processing unit. 
[0026] According to another aspect, the invention pro- 
vides a data distribution system for distributing at least 
one of encrypted data and a license key for decrypting 
the decrypted data from a content data supply device to 
each of terminals of a plurality of users. 
[0027] The content data supply device includes a first 
interface unit, a first session key generating unit, a ses- 
sion key encryption processing unit, a session key de- 
crypting unit, a first license data encryption processing 
unit and a second license data encryption processing 
unit. 

[0028] The first interface unit externally transmits da- 
ta. 

[0029] The first session key generating unit produces 
a first symmetric key to be updated in response to every 
transmission of the encrypted content data. The session 
key encryption processing unit encrypts the first sym- 
metric key with a first public encryption key predeter- 
mined corresponding to the user's terminal, and applies 
the same to the first interface unit. The session key de- 
crypting unit decrypts and extracts a second symmetric 
key and a second public encryption key both encrypted 
with the first symmetric key and returned. 
[0030] The first license data encryption processing 
unit encrypts a license key for decrypting the encrypted 



content data with the second public encryption key de- 
crypted by the session key decrypting unit. The second 
license data encryption processing unit further encrypts 
an output of the first license data encryption processing 

5 unit with the second symmetric key, and applies the 
same to the first interface unit for distribution. 
[0031] Each of the terminals includes a second inter- 
face unit and a distributed data decoding unit. 
[0032] The second interface unit externally transmits 

10 the data. 

[0033] The distributed data decoding unit receives 
and stores the encrypted content data and the license 
key. 

[0034] The distributed data decoding unit includes a 
is first key holding unit, a first decryption processing unit, 
a second key holding unit, a second session key gener- 
ating unit, a first encryption processing unit, a second 
decryption processing unit, a memory unit, a third key 
holding unit, a third decryption processing unit and a first 
authentication data holding unit. 
[0035] The first key holding unit holds a first private 
decryption key for decrypting the data encrypted by the 
first public encryption key, and the first decryption 
processing unit receives and decrypts the first symmet- 
ric key encrypted with the first public encryption key. 
[0036] The second key holding unit holds a second 
public encryption key. The second session key generat- 
ing unit produces a second symmetric key. 
[0037] The first encryption processing unit encrypts 
the second public encryption key and the second sym- 
metric key based on the first symmetric key, and outputs 
the same to the second interface unit. The second en- 
cryption processing unit receives the license key en- 
crypted by the license data encryption processing unit, 
and decrypts the same based on the second symmetric 
key. The memory unit stores the encrypted content data 
decodable with the license key. 
[0038] The third key holding unit holds a second pri- 
vate decryption key for decrypting the data encrypted 
with the second public encryption key. The third decryp- 
tion processing unit decrypts the license key with the 
second private decryption key based on a result of the 
decryption by the second decryption processing unit, 
and extracts the same. The first authentication data 
holding unit can encrypt first authentication data con- 
taining at least the first public encryption key in a manner 
decodable with a public authentication key, and holds 
the same for external output. 

[0039] The content data supply device further in- 
cludes a first authentication decryption processing unit 
for decrypting and extracting the externally applied first 
authentication data decodable with the public authenti- 
cation key, and a distribution control unit for performing 
authentication processing based on the first authentica- 
tion data extracted by the first authentication decryption 
processing unit, and determining at least whether the 
license key is to be distributed for not. 
[0040] According to the invention, therefore, only a 
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regular or proper user can receive the content data for 
storing it in the memory. Further, the system is config- 
ured as follows. When data once stored in a memory 
card of an owner is copied for use by another person, 
the data of the owner or sender changes into an irrepro- 
ducible form. Therefore, the system can prevent the 
copyright holder from sustaining drawbacks due to un- 
limited copying. 

[0041] According to another advantage of the inven- 
tion, the license key is distributed to only the authorized 
terminal so that the copyright protection is further en- 
hanced. 

[0042] According to further another advantage of the 
invention, the user can purchase encrypted content data 
from a content data vending machine without utilizing a 
distribution carrier. This further improves convenience 
to users. 

[0043] The foregoing and other objects, features, as- 
pects and advantages of the present invention will be- 
come more apparent from the following detailed de- 
scription of the present invention when taken in conjunc- 
tion with the accompanying drawings. 

Brief Description of the Drawings 

[0044] 

Fig. 1 conceptually and schematically shows a 
whole structure of an information distribution sys- 
tem according to the invention; 
Fig. 2 collectively represents characteristics such 
as. key data used for communication in the informa- 
tion distribution system shown in Fig. 1 ; 
Fig. 3 is a schematic block diagram showing a struc- 
ture of a distribution server 10 shown in Fig. 1 ; 
Fig. 4 is a schematic block diagram showing a struc- 
ture of a cellular phone 1 00 shown in Fig. 1 ; 
Fig. 5 is a schematic block diagram showing a struc- 
ture of a memory card 1 1 0 shown in Fig. 4; 
Fig. 6 is a first flowchart representing a distribution 
mode in the data distribution system shown in Figs. 
1 and 3 - 5; 

Fig. 7 is a second flowchart representing a distribu- 
tion mode in the data distribution system shown in 
Figs. 1 and 3 - 5; 

Fig. 8 is a flowchart representing processing of re- 
producing content data within cellular phone 100, 
and externally outputting it. as music; 
Fig. 9 is a first flowchart representing processing of 
transferring or duplicating content data, key data 
and others between two memory cards; 
Fig. 10 is a second flowchart representing process- 
ing of transferring or duplicating content data, key 
data and others between two memory cards; 
Fig. 11 is a schematic block diagram showing a 
structure of a music server 31 corresponding to a 
memory card 120 in a second embodiment; 
Fig. 12 is a schematic block diagram showing a 



structure of a cellular phone 1 01 in the second em- 
bodiment; 

Fig. 13 is a schematic block diagram showing a 
structure of a memory card 120 in the second em- 

5 bodiment of the invention; 

Fig. 1 4 is a first flowchart representing a distribution 
mode using memory card 120 shown in Fig. 13; 
Fig. 15 is a second flowchart representing the dis- 
tribution mode using memory card 120 shown in 

10 Fig. 13; 

Fig. 1 6 is a first flowchart representing reproduction 
processing of reproducing content data within cel- 
lular phone 1 01 , and externally outputting it as mu- 
sic; 

'5 Fig. 1 7 is a second flowchart representing repro- 
duction processing of reproducing content data 
within cellular phone 101, and externally outputting 
it as music; 

Fig. 18 is a first flowchart representing processing 
20 of transferring or duplicating content data, key data 
and others between two memory cards; 
Fig. 1 9 is a second flowchart representing process- 
ing of transferring or duplicating content data, key 
data and others between two memory cards; 
25 Rg. 20 conceptually shows a structure of a data dis- 
tribution system of a third embodiment; 
Fig. 21 is a schematic block diagram showing a 
structure of a content data vending machine 2000 
in the third embodiment; 
30 Fig. 22 is a first flowchart representing a distribution 
mode in the data distribution system shown in Figs. 
20 and 21; 

Fig. 23 is a second flowchart representing the dis- 
tribution mode in the data distribution system shown 
35 in Figs. 20 and 21 ; 

Fig. 24 conceptually shows a structure of a content 
data vending machine 2001 in a modification of the 
third embodiment; 

Fig. 25 is a first flowchart representing a distribution 
40 mode of a data distribution system in the modifica- 
tion of the third-embodiment; 
Fig. 26 is a second flowchart representing the dis- 
tribution mode in the data distribution system in the 
modification of the third embodiment; 
45 Fig. 27 is a schematic block diagram showing a 
structure of a content data vending machine 3000 
in a fourth embodiment; 

Fig. 28 is a first flowchart showing a distribution 
mode in the data distribution system shown in Fig. 
50 27; 

Fig. 29 is a second flowchart showing a distribution 
mode in the data distribution system shown in Fig. 
27; 

Fig. 30 is a first flowchart showing a distribution 
55 mode of a data distribution system in a modification 
of the fourth embodiment; 
Fig. 31 is a second flowchart showing a distribution 
mode of the data distribution system in the modrfi- 
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cation of the fourth embodiment; 
Fig. 32 is a schematic block diagram showing a 
structure of a cellular phone 105 in a fifth embodi- 
ment; 

Fig. 33 is a schematic block diagram showing a 5 
structure of a distribution server 12 corresponding 
to a memory card 140 in the fifth embodiment; 
Fig. 34 is a schematic block diagram showing a 
structure of memory card 140 in the fifth embodi- 
ment; '0 
Fig. 35 is a first flowchart representing a distribution 
mode using memory card 140; 
Fig. 36 is a second flowchart representing a distri- 
bution mode using memory card 140; 
Fig. 37 is a first flowchart representing reproducing '5 
processing of reproducing encrypted content data 
held in memory card 140 for externally outputting it 
as music; 

Fig. 38 is a second flowchart representing the re- 
producing processing of reproducing the encrypted 20 
content data held in memory card 1 40 for externally 
outputting it as music; 

Fig. 39 is a first flowchart representing processing 
of transferring or duplicating content data, key data 
and others between two memory cards; 25 
Fig. 40 is a second flowchart representing process- 
ing of transferring or duplicating content data, key 
data and others between two memory cards; 
Fig. 41 is a schematic block diagram showing a 
structure of a content data vending machine 301 0 30 
in a sixth embodiment of the invention; 
Fig. 42 is a first flowchart representing a distribution 
mode of a data distribution system using content 
data vending machine 3010; 

Fig. 43 is a second flowchart representing the dis- 35 
tribution mode of the data distribution system using 
content data vending machine 3010; 
Fig. 44 is a schematic block diagram showing a 
structure of a cellular phone 1 07 in a seventh em- 
bodiment; 40 
Fig. 45 is a schematic block diagram showing a 
structure of a distribution server 13 corresponding 
to cellular phone 107 in the seventh embodiment; 
Fig. 46 is a first flowchart representing a distribution 
mode using a distribution server 12 and cellular 45 
phone 107; 

Fig. 47 is a second flowchart showing the distribu- 
tion mode using distribution server 12 and cellular 
phone 107; 

Fig. 48 is a first flowchart representing reproducing so 
processing of reproducing encrypted content data 
held in memory card 1 40 for externally outputting it 
as music; 

Fig. 49 is a second flowchart representing the re- 
producing processing of reproducing the encrypted ss 
content data held in memory card 1 40 for externally 
outputting it as music; 

Fig. 50 is a first flowchart representing processing 



of transferring or duplicating content data, key data 
and others between two memory cards in the sev- 
enth embodiment; 

Fig. 51 is a second flowchart representing process- 
ing of transferring or duplicating content data, key 
data and others between two memory cards in the 
seventh embodiment; 

Fig. 52 is a schematic block diagram showing a 
structure of a content data vending machine of an 
eighth embodiment of the invention; 
Fig. 53 is a first flowchart showing a distribution 
mode of a data distribution system using content 
data vending machine 3020; 
Fig. 54 is a second flowchart showing the distribu- 
tion mode of the data distribution system using con- 
tent data vending machine 3020; 
Fig. 55 is a schematic block diagram showing a 
structure including a terminal 1202 in memory card 
140; and 

Fig. 56 shows a modification of the structure includ- 
ing terminal 1202 in memory card 140. 

Best Mode for Carrying Out the Invention 

[0045] Embodiments of the invention will now be de- 
scribed with reference to the drawings. 

[First Embodiment] 

[Whole Structure of System] 

[0046] Fig. 1 conceptually shows a whole structure of 
an information distribution system according to the in- 
vention. 

[0047] The following description will be given by way 
of example on a structure of a data distribution system, 
in which music data is distributed to users over a cellular 
phone network. As will be apparent from the following 
description, the invention is not restricted to such an ex- 
ample, and may be applied to other cases, in which cop- 
yrighted data (e.g., image data) other than the music da- 
ta is distributed over another information communica- 
tion network. 

[0048] Referring to Fig. 1 , a distribution server 1 0 ad- 
ministrating copyrighted music information encrypts 
music data (which will be referred to also as "content 
data" hereinafter) in a predetermined encryption 
scheme, and applies the data thus encrypted to a cellu- 
lar phone company, which is a distribution carrier 20 for 
distributing information. An authentication server 12 de- 
termines whether an instrument or device accessing it 
for distribution of music data is a regular device or not. 
[0049] Distribution carrier 20 relays over its own cel- 
lular phone network a distribution request received from 
each user to distribution server 10. When distribution 
server 10 receives the distribution request, authentica- 
tion server 12 determines whether the access is made 
by a regular device or not. After it is confirmed that the 
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access is made by the regular device, distribution server 
10 encrypts the requested content data, and distributes 
it to the user's cellular phone over the cellular phone net- 
work of distribution carrier 20. 
[0050] In Fig. 1, a cellular phone 100 of a cellular 
phone user 1 includes, e.g., a memory card 110, which 
is releasably attached thereto for receiving encrypted 
content data received by cellular phone 1 00, decrypting 
the data encrypted for this transmission, and applying 
the data to an audio decoding unit (not shown) in cellular 
phone 100. 

[0051] Further, user 1 can listen to music, which is 
produced by reproducing such content data, via head- 
phones 1 30 or the like connected to cellular phone 1 00. 
[0052] In the following description, distribution server 
10, authentication server 12 and distribution carrier 20 
described above will be collectively referred to as a "mu- 
sic server 30". 

[0053] Also, the processing of transmitting the content 
data from music server 30 to each cellular phone termi- 
nal or the like will be referred to as "distribution", here- 
inafter. 

[0054] Owing to the above structure, a user other than 
a regular user, who purchased regular memory card (i. 
e., memory card 110), cannot receive and reproduce the 
data distributed from music server 30 without difficulty. 
[0055] Further, the system may be configured as fol- 
lows. By counting the times of distribution of content da- 
ta, e.g., for example, one song in distribution carrier 20, 
the royalty, which is charged every time the user re- 
ceives (downloads) content data, can be collected by 
distribution carrier 20 together with charges for tele- 
phone calls so that the copyright owner can ensure the 
royalty. 

[0056] The foregoing distribution of the content data 
is performed over a closed system, i.e., the cellular 
phone network so that it is easy to take measures for 
the copyright protection, compared with open systems 
such as the Internet. 

[0057] For example, a user 2 having a memory card 
1 1 2 can receive content data directly from music server 
30 by user's own cellular phone 1 02. However, such da- 
ta reception may take a relatively long time if user 2 re- 
ceives the content data or the like having a large infor- 
mation amount directly from music server 30. In connec- 
tion with this, the system may be configured such that 
user 2 can copy the content data of user 1 , who has 
already received it. This improves the convenience of 
users. 

[0058] From the viewpoint of protecting right of the 
copyright owner, it is not allowed to provide a system 
configuration allowing free copying of content data. 
[0059] In an example shown in Fig. 1, an operation, 
in which the content data itself received by user 1 as 
well as information required for reproducing the content 
data are copied for use by user 2, is referred to as "trans- 
fer of the content data. In this case, since useM allows 
the copying of the content data together with information 



(reproduction information) required for the reproduction, 
it is necessary to disable or inhibit the reproduction of 
the content data by user 1 after the transfer of informa- 
tion. The above content data is distributed as encrypted 

5 content data, which is encrypted in a predetermined en- 
cryption scheme. As will be described later, the "repro- 
duction information" means the information including a 
key, which allows decryption or decoding of the encrypt- 
ed content data in accordance with the foregoing pre- 

io determined encryption scheme, and will also be referred 
to as a "license key", as well as license ID data, user ID 
data and others, which are information related to copy- 
right protection. 

[0060] In contrast to the above, an operation, in which 
*5 only content data is copied while keeping an encrypted 
form, is referred to as "duplication" of music information. 
[0061] In this case, reproduction information required 
for reproducing such content data is not copied for use 
by the terminal of user 2 so that user 2 having only the 
20 encrypted content data cannot reproduce the music. If 
user 2 wishes to reproduce the music, user 2 must re- 
ceive the reproduction information distributed from mu- 
sic server 30 for allowing reproduction of the content da- 
ta. In this case, however, it is merely required to receive 
25 the information for allowing the reproduction . Therefore, 
it takes a remarkably short telephone communication 
time for allowing music reproduction as compared with 
the case, where user 2 directly receives all the required 
data and information from music server 30. 
30 [0062] For example, if cellular phones 100 and 102 
are PHSs (Personal Handy Phones), a telephone con- 
versation can be performed in a so-called transceiver 
mode. By using this function, information can be collec- 
tively relocated (transferred) from user 1 to user 2, and/ 
35 or only the encrypted content data can be moved (du- 
plicated). 

[0063] In the structure shown in Fig. 1 , the system re- 
quires the following schemes and structure for repro- 
ducing the content data, which is distributed in the en- 
crypted form, on the user side. First, the system requires 
a scheme for sending an encryption key in the commu- 
nication. Second, the system requires a scheme for en- 
crypting the data itself to be distributed. Third, the sys- 
tem requires a structure for protecting data by prevent- 
45 ing unauthorized copying of the distributed data. 

[Structure of Encryption/Decryption Key] 

[0064] Fig. 2 collectively represents characteristics of 
so key data and others used for communication in the in- 
formation distribution system shown in Fig. 1 . 
[0065] In the structure shown in Fig. 1 , data process- 
ing in memory card 100 is administrated by private de- 
cryption key Kmedia(n) (n: natural number), a public en- 
55 cryption key KPcard(n) and a private decryption key 
Kcard(n) (n: natural number). Private decryption key 
Kmedia(n) includes information for individually specify- 
ing the types and others of the memory card. Public en- 
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cryption key KPcard(n) is unique to the memory card. 
Private decryption key Kcard(n) is used for decrypting 
the data encrypted with public encryption key KPcard 
(n). 

[0066) In the expressions such as "Kcard(n) M and "KP- 
card(n)" indicating the keys, the natural number "n" is 
used for identifying each memory card. 
[0067] More specifically, the data encrypted with pub- 
lic encryption key KPcard(n) can be decrypted with pri- 
vate decryption key Kcard(n), which is present uniquely 
to each memory card. Therefore, three kinds of keys 
Kmedia(n), Kcard(n) and KPcard(n) are basically used 
for transmitting the distributed data to and from the 
memory cards, as will be described later. 
[0068] Further, as the encryption key for keeping the 
secret in external transmission of data to and from the 
memory card, the system uses public encryption key 
KPmedia(n) unique to each medium, private decryption 
key Kmedia(n) for decrypting data encrypted with public 
encryption key KPmedia(n), and a symmetric key Ks 
produced in music server 30 or cellular phone 100 or 
1 02 in response to every communication (e.g., every ac- 
cess to music server 30). 

[0069] The system may be configured such that sym- 
metric key Ks described above is generated every time 
the user accesses music server 30, and the same key 
is used for music information without limiting the number 
of tunes or songs in the music information as long as 
the access has been performed only one time. Alterna- 
tively, different symmetric keys may be used for different 
tunes, respectively, and each may be set to the user for 
one tune. 

[0070] In the following description, the unit of commu- 
nication or access described above will be referred to 
as a "session", and symmetric key Ks will be referred to 
as a "session key". 

[0071] Consequently, session key Ks has a value 
unique to each communication session, and is adminis- 
trated by the distribution server and the cellular phone. 
[0072] Forthe data to be distributed, it is assumed that 
a key Kc (which will be referred to as a "license key" 
hereinafter) for decrypting the encrypted content data is 
first present, and the encrypted content data is decrypt- 
ed with this license key Kc. Further, an administration 
code for specifying the content data, license ID data Li- 
cense-ID including information, which relates to restric- 
tion of the times of reproduction, and others are present 
as the license information described above. The cellular 
phone holds a user ID data user-ID for identifying the 
receiver. 

[0073] Owing to the above structure, control related 
to the copyright protection for the copyright owner can 
be performed in accordance with information contained 
in the license ID data. Also, by using the user ID data, 
control can be performed to protect the personal infor- 
mation of the user such as access histories of the user 
from a third party. 

[0074] As already described, content data Dc in the 



distributed data is, e.g., music data, and data prepared 
by encrypting this content data for decryption with ses- 
sion key Ks is referred to as encrypted content data [Dc] 
Kc. 

5 [0075] The expression "[Y]X" represents that data is 
prepared by converting data Y with a key X into a deco- 
dable form. The keys used in encryption processing and 
decryption processing may also be referred to as "keys". 

io [Structure of Distribution Server 1 0] 

[0076] Fig. 3 is a schematic block diagram showing a 
structure of distribution server 10 shown in Fig. 1 . Dis- 
tribution server 1 0 includes a distribution information da- 

15 tabase 304 for storing distribution data such as data, 
which is prepared by encrypting content data (music da- 
ta) in a predetermined scheme, and a license ID, an ac- 
counting database 302 for storing accounting informa- 
tion related to the times of access to content data for 

20 each user, a data processing unit 31 0 for receiving data 
via a bus BS1 from distribution information database 
304 and accounting database 302, and performing pre- 
determined encryption processing, and a communica- 
tion device 350 for transmitting data between distribu- 

25 tion carrier 20 and data processing unit 310 over the 
communication network. 

[0077] Data processing unit 31 0 includes a distribu- 
tion control unit 312 for controlling an operation of data 
processing unit 31 0 in accordance with the data on data 

30 bus BS1, a session key generating unit 314 which is 
controlled by distribution control unit 312 to generate 
session key Ks, an encryption processing unit 31 6 which 
encrypts session key Ks generated by session key gen- 
erating unit 314 with public encryption key KPmedia, 

35 and apply it to data bus BS1 , a decryption processing 
unit 318 for receiving the data, which is sent after being 
encrypted with session key Ks in the cellular phone of 
each user, via communication device 350 and data bus 
BS1 , and decrypting the received data, an encryption 

^0 processing unit 320 for encrypting the data such as li- 
cense key and license ID with public encryption key KP- 
card(n), which is extracted by decryption processing unit 
318, under control of distribution control unit 312, and 
an encryption processing unit 322 for encrypting the out- 

45 put of encryption processing unit 320 with session key 
Ks, and applying the same to communication device 350 
via data bus BS1 . 

[Structure of Terminal (Cellular Phone)] 

50 

[0078] Fig. 4 is a schematic block diagram showing a 
structure of cellular phone 100 shown in Fig. 1 . 
[0079] Cellular phone 1 00 includes an antenna 1 1 02 
for receiving radio signals sent over the cellular phone 
55 network, a transmission unit 11 04 for converting the sig- 
nals received from antenna 1 1 02 into baseband signals, 
and sending data sent from the cellular phone to anten- 
na 1102 after modulating it, a data bus BS2 for data 
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transmission to various portions in cellular phone 100, 
a controller 1106 for controlling the operation of cellular 
phone 1 00 via bus BS2, a user ID holding unit 1 1 07 for 
holding user ID data User-ID for identifying the receiver, 
a touch key unit 1 1 08 for externally applying an instruc- 
tion to cellular phone 100, a display 1110 for applying 
information output from controller 1 1 06 or the like to the 
user as visual information, a voice decoding unit 1112 
for reproducing voice and sound based on received data 
applied via data bus BS2 in a normal conversation op- 
eration, a connector 1120 for externally transmitting da- 
ta, and an external interface unit 1 122 for converting da- 
ta applied from connector 1120 into signals, which can 
be applied to data bus BS2, or converting data applied 
from data bus BS2 into signals, which can be applied to 
connector 1120. 

[0080] The user ID data includes data such as a tele- 
phone number of the user. 

[0081] Cellular phone 100 further includes releasable 
memory card 1 1 0 for decrypting the content data sent 
from music server 30, a memory interface 1 200 for con- 
trolling transmission of data between memory card 110 
and bus BS2, a session key generating unit 1502 for 
generating session key Ks, e.g., based on a random 
number for encrypting the data to be transmitted via data 
bus BS2 between memory card 110 and another portion 
of the cellular phone via bus BS2, an encryption 
processing unit 1504, which encrypts session key Ks 
produced by session key generating unit 1502 and ap- 
plies the same to data bus BS2, a decryption processing 
unit 1 506, which decrypts the data produced by session 
key generating unit 1502 and located on data bus BS2 
with session key Ks for outputting the same, an audio 
decoding unit 1 508 for receiving the output of decryption 
processing unit 1506, and reproducing music signals, a 
mixing unit 1510, which receives the output of audio de- 
coding unit 1508 and the output of voice decoding unit 
1112, and selectively outputs them in accordance with 
the operation mode, a digital-to-analog converter 1512, 
which receives and converts the output of mixing unit 
1 51 0 into analog signals for external output, and a con- 
nection terminal 1514, which receives the output of glg- 
ital-to-analog converter 1512 and is configured to con- 
nect headphones 130 thereto. 
[0082] For the sake of simplicity, only the blocks re- 
lated to distribution of the content data according to the 
invention are described, and some of blocks, which are 
originally provided in the cellular phone for the tele- 
phone conversation function, are not described. 

[Structure of Memory Card] 

[0083] Fig. 5 is a schematic block diagram showing a 
structure of memory card 110 shown in Fig. 4. 
[0084] In the following description, public encryption 
key KPmedia of memory card 110 attached to terminal 
1 00 will be referred to as public encryption key KPmedia 
(1) for discrimination from public encryption key KPme- 



dia of memory card 112 of terminal 102, which will be 
referred to as public encryption key KPmedia(2). 
[0085] Correspondingly, a private decryption key, 
which can decrypt the data encrypted with public en- 

5 cryption key KPmedia(1), and is asymmetrical to it, will 
be referred to as "private decryption key Kmedta(1 ), and 
a private decryption key, which can decrypt the data en- 
crypted with public encryption key KPmedia(2), and is 
asymmetrical to it, will be referred to as private decryp- 

io tion key Kmedia(2). 

[0086] By discriminating the public encryption keys 
unique to the mediums from each other, appropriate op- 
erations can be performed even in such cases that mul- 
tiple kinds of memory cards are used, and more gener- 

15 ally, medium(s) other than the memory card are present 
as options of the system, as will be described later. 
[0087] Memory card 1 1 0 includes a data bus BS3 for 
transmitting signals to and from memory interface 1 200 
via terminal 1202, a KPmedia(1) holding unit 1401 for 

20 holding public encryption key KPmedia(1), and output- 
ting the same to data bus BS3, a Kmedia(1 ) holding unit 
1402 for holding private decryption key Kmedia(t) cor- 
responding to memory card 1 1 0, a decryption process- 
ing unit 1 404 for extracting session key Ks by decrypting 

25 private decryption key Kmedia(1), a KPcard(1) holding 
unit 1405 for holding public encryption key KPcard(1); 
an encryption processing unit 1406 for encrypting the 
output of a selector switch 1408 based on session key 
Ks extracted from decryption processing unit 1404, and 

30 applying the same to data bus BS3, a decryption 
processing unit 1 41 0 for decrypting the data on data bus 
BS3 with session key Ks extracted by decryption 
processing unit 1404, and applying it onto a data bus 
BS4, and a memory 1412 for storing data such as li- 

35 cense key Kc and license ID, which are encrypted with 
public encryption key KPcard(n) unique to the memory 
card and are applied from data bus BS3, and receiving 
encrypted content data [Dc]Kc encrypted with license 
key Kc from data bus BS3 for storing the same. 

40 [0088] Selector switch 1 408 has contacts Pa, Pb and 
Pc. Contact Pa receives public encryption key KPcard 
(1) from KPcard(1) holding unit 1405. Contact Pb re- 
ceives data from a data bus BS5. Contact Pc receives 
the output of an encryption processing unit 1414. Selec- 
ts tor switch 1408 selectively applies the signals applied 
to contacts Pa, Pb and PC to encryption processing unit 
1406 in accordance with the operation mode selected 
from the "distribution mode", "reproduction mode" and 
"transfer mode". 

so [0089] Memory card 110 further includes a Kcard(1) 
holding unit 1415 for holding a value of private decryp- 
tion key Kcard(1), a decryption processing unit 141 6 for 
decrypting license key Kc, license ID and others ([Kc, 
License]Kcard(1)), which are encrypted with public en- 

55 cryption key KPcard(1) and read from memory 1412, 
and applying them to data bus BS5, encryption process- 
ing unit 1414, which operates in the data transferring 
operation and others to receive public encryption key 
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KPcard(1 ) of the memory card of the opposite party from 
decryption processing unit 1 41 0, encrypt license key Kc, 
license ID and others output to data bus BS5 based on 
public encryption key KPcard(n) of the opposite party, 
and then output them to selector switch 1 408, a control- 
ler 1420, which externally transmits data via data bus 
BS3, receives license ID data and others from data bus 
BS5 and controls the operation of memory card 1 1 0, and 
a register 1 500, which can transmit data such as license 
ID data to and from data bus BS5. 
[0090] A region surrounded by solid line in Fig. 5 is 
incorporated in a module TRM , which is configured such 
that internal data is erased and/or internal circuits are 
destroyed for disabling reading of data and others in cir- 
cuits located within this region by a third party when 
memory card 110 is, e.g., externally opened without au- 
thorization. 

[0091] This module is generally referred to as a 
"Tamper Resistance Module". 

[0092] Naturally, memory 1412 may also be incorpo- 
rated into module TRM. However, the structure shown 
in Fig. 5 can reduce a manufacturing cost because all 
the data held in memory 1412 is encrypted, and there- 
fore the third party cannot reproduce music by using on- 
ly the data in memory 1412 so that it is not necessary 
to arranged memory 1412 within the expensive tamper 
resistance module. 

[0093] Figs. 6 and 7 are first and second flowcharts 
representing a distribution operation in the data distri- 
bution system shown in Figs. 1 and 3 - 5. 
[0094] Figs. 6 and 7 represent the operation in the 
case where user 1 using memory card 1 1 0 receives mu- 
sic data from music server 30. 
[0095] First, user 1 sends a request for distribution via 
cellular phone 100 by operating keys or buttons on touch 
key unit 1108 (step S100). 

[0096] In memory card 1 1 0, public encryption key KP- 
media(1) is sent from KPmedia(1) holding unit 1401 to 
music server 30 in response to the above distribution 
request (step S 102). 

[0097] When music server 30 receives the distribution 
request and public encryption key KPmedia(1) from 
memory card 110 (step S104), an inquiry is applied to 
authentication server 12 based on received public en- 
cryption key KPmedia(1) (step S106), and the process- 
ing moves to a next step. If the regular memory card is 
not used, the processing is terminated (step S154). 
[0098] When it is determined from the inquiry that the 
regular memory card is used, music server 30 operates 
to produce session key Ks by session key generating 
unit 314. Further, encryption processing unit 316 in mu- 
sic server 30 produces encrypted session key [KsJKme- 
dia(1 ) by encrypting session key Ks with received public 
encryption key KPmedia(1) (step S108). 
[0099] Then, music server 30 applies encrypted ses- 
sion key [Ks]Kmedia(1) to data bus BS1. Communica- 
tion device 350 sends encrypted session key [Ks]Kme- 
dia{1 ), which is applied from encryption processing unit 



316, over the communication network to memory card 
110 of cellular phone 100 (step S110). 
[0100] When cellular phone 100 receives encrypted 
session key [Ks]Kmedia(1) (step S112), decryption 

s processing unit 1404 in memory card 110 decrypts and 
extracts session key Ks by decrypting the received data 
applied to data bus BS3 via memory interface 1 200 with 
private decryption key Kmedia(1) (step S114). 
[0101] In the subsequent distributing operation, con- 

10 tact Pa is closed in selector switch 1 408 so that encryp- 
tion processing unit 1 406 encrypts public encryption key 
KPcard(1) (i.e., public encryption key for memory card 
110) applied from KPcard(1) holding unit 1405 via con- 
tact Pa with session key Ks (step S11 6) to produce data 

is [KPcard(1))Ks (step S1 18). 

[0102] Cellular phone 100 sends data [KPcard(1)]Ks 
encrypted by encryption processing unit 1406 to music 
server 30 (step S120). 

[01 03] In music server 30, communication device 350 
20 receives data [KPcard(1))Ks (step S122), and decryp- 
tion processing unit 318 decrypts data [KPcard(1)]Ks 
applied to data bus BS1 with session key Ks to extract 
public encryption key KPcard(1) (step S124). 
[0104] Then, distribution control unit 312 produces li- 
25 cense information data License containing the license 
ID data and others based on the data held in distribution 
information database304 and others (step S126). 
[0105] Further, music server 30 obtains encrypted 
content data [Dc]Kc from distribution information data- 
30 base 304, and sends it to memory card 1 1 0 via commu- 
nication device 350 (step S128). 
[0106] When cellular phone 100 receives data [Dc]Kc 
(step S130), memory card 110 stores received data [Dc] 
Kc in memory 1412 as it is (step S132). 
35 [0107] Music server 30 obtains license key Kc from 
distribution information database 304 (step S134), and 
encryption processing unit 320 encrypts license key Kc 
and license information data License applied from dis- 
tribution control unit 312 with public encryption key KP- 
40 card(1) applied from decryption processing unit 318 
(stepS 136). 

[0108] Encryption processing unit 322 receives data 
[Kc, License] Kcard(1 ) encrypted by encryption process- 
ing unit 320, and encrypts it with session key Ks for out- 
45 putting the further encrypted data to data bus BS1 . Com- 
munication device 350 sends data [[Kc, License]Kcard 
(1)]Ks encrypted by encryption processing unit 322 to 
memory card 110. 

[0109] When cellular phone 100 receives data [[Kc, 
so License]Kcard(1))Ks (step S142), decryption process- 
ing unit 1410 in memory card 110 decrypts it with ses- 
sion key Ks so that data [Kc, License]Kcard(1 ) is extract- 
ed and recorded (stored) in memory 1412 (step S146). 
[0110] Further, in memory card 110, decryption 
55 processing unit 1416 controlled by controller 1420 de- 
crypts data [Kc, License]Kcard(1 ) stored in memory 
1412, and decrypted license information data License 
is stored in register 1500 (step S148). 
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[0111] Through the operations described above, the 
memory card itself can receive the distributed data after 
sending public encryption key KPmedia(1) to the side 
(music server 30) sending session key Ks, and the con- 
tent data stored in memory card 1 1 0 becomes reproduc- 
ible. In the following description, the state, in which the 
content data stored in the memory card is reproducible, 
may be referred to as "a state SA of memory card 1 1 0°. 
When the content data stored in the memory card is not 
reproducible, this state may be referred to as "a state 
SB of memory card 110". 

[01 1 2] When a notice of reception is sent from mem- 
ory card 1 1 0 to music server 30, and is received by mu- 
sic server 30 (step S150), accounting database 302 
stores accounting data of user 1 (step S152), and the 
processing ends (step S154). 
[01 1 3] Fig. 8 is a flowchart representing reproduction 
processing in cellular phone 100 for decrypting the en- 
crypted content data held in memory card 110, and ex- 
ternally outputting it as music. 
[01 1 4] Referring to Fig. 8, user 1 enters an instruction 
through touch key unit 1 1 08 or the like of cellular phone 
1 00 so that a reproduction request is output to memory 
card 110 (step S200). 

[01 15] In memory card 1 1 0, controller 1 420 responds 
to this reproduction request, and determines based on 
license information data License held in register 1500 
whether the request is made for the reproducible data 
(step S202). When it is determined that the requested 
data is reproducible, KPmedia(1) holding unit 1401 
sends public encryption key KPmedia(1) to cellular 
phone 100 (step S204). When it is determined that the 
requested data is not reproducible, the processing ends 
(step S230). 

[0116] When the requested data is reproducible, 
memory card 1 1 0 sends public encryption key KPmedia 
(1 ) so that cellular phone 1 00 receives public encryption 
key KPmedia{1 ) from memory card 1 1 0 (step S206), and 
operates as follows. Ks generating unit 1502 produces 
session key Ks, and encryption processing unit 1 504 en- 
crypts session key Ks with public encryption key KPme- 
dia(1) to produce and send encrypted session key [Ks] 
KPmedia( 1 ) to memory card 1 1 0 via data bus BS2 (step 
S208). 

[0117] Memory card 110 receives session key Ks, 
which is produced and encrypted by cellular phone 1 00, 
via data bus BS2, and decrypts it with private decryption 
key Kmedia(1) to extract session key Ks (step S210). 
[0118] Then, memory card 110 reads out encrypted 
data [Ks, License]Kcard(1) from memory 1412, and de- 
cryption processing unit 1416 decrypts it (step S212). 
[0119] When the data read from memory 1412 is de- 
codable with private decryption key Kcard(1) (step 
S214), license key Kc is extracted (step S216). When 
the data is not decodable, the processing ends (step 
S232). 

[0120] When the data read from memory 1412 is de- 
codable (step S214), data related to the times of repro- 



duction, which is a part of license information data Li- 
cense in register 1500, is changed (step S218). 
[0121] Then, license key Kc is encrypted with extract- 
ed session key Ks (step S220), and encrypted license 
5 key [Kc]Ks is applied to data bus BS2 (step S222). 
[0122] Decryption processing unit 1506 of cellular 
phone 100 performs the decryption with session key Ks 
to obtain license key Kc (step S224). 
[0123] Then, memory card 110 reads out encrypted 
content data [Dc]Kc from memory 1412, and applies it 
to data bus BS2 (step S226). 

[0124] Audio decoding unit 1508 of cellular phone 100 
decrypts encrypted content data [Dc]Kc with extracted 
license key Kc to produce plaintext music data (step 
S228), and reproduces music signals for applying them 
to mixing unit 1510 (step S230). Digital-to-analog con- 
verter 1 51 2 receives and converts the data applied from 
mixing unit 1 51 0 to output externally the reproduced mu- 
sic. Thereby, the processing ends (step S232). 
[0125] Owing to the above structure, the memory card 
itself can perform the reproduction after sending public 
encryption key KPmedia(1 ) to the side (cellular phone 
100) sending session key Ks. 
[01 26] Figs. 9 and 1 0 are first and second flowcharts 
representing the processing for transferring or duplicat- 
ing music data, key data or the like between two memory 
cards. 

[01 27] 11 is assumed that cellular phone 1 02 is a send- 
er, and cellular phone 100 is a receiver. It is also as- 
sumed that memory card 112 having a structure similar 
to that of memory card 1 1 0 is attached to cellular phone 
102. 

[0128] Cellular phone 102 first outputs a transfer re- 
quest or a duplication request to its own memory card 
112 and cellular phone 100 (step S300). 
[0129] In response to this, memory card 1 1 2 reads out 
encrypted content data [Dc]Kc from memory 141 2, and 
outputs it to memory card 110 (step S302). Cellular 
phone 1 00 receives the request from cellular phone 1 02 
(step S301), and memory card 110 stores encrypted 
content data [Dc]Kc in memory 1412 (step S304). 
[0130] Then, it is determined in cellular phones 102 
and 100 whether the request applied in step S300 is a 
"transfer request" or a "duplication request" (steps S306 
and S306'). When it is a "transfer request", memory card 
112 sends a public encryption key KPmedia(2) to cellu- 
lar phone 102 (step S308), and cellular phone 102 re- 
ceives public encryption key KPmedia(2) (step S312). 
When it is a "transfer request", memory card 1 1 0 outputs 
public encryption key KPmedia(1 ) to cellular phone 1 00 
(step S308'), and cellular phone 100 sends public en- 
cryption key KPmedia(1) to cellular phone 102 (step 
S310). 

[0131] When cellular phone 102 receives public en- 
cryption keys KPmedia(1) and KPmedia(2) (steps S312 
and S312'), session key generating circuit 1502 in cel- 
lular phone 102 produces session key Ks (step S303), 
and encryption processing unit 1504 encrypts session 
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key Ks with public encryption keys KPmedia(1 ) and KP- 
media(2)(stepS314). 

[0132] Cellular phone 102 transmits encrypted ses- 
sion key [Ks]KPmedia(2) to memory card 112 via data 
bus BS2, and memory card 1 1 2 operates to decrypt and 
extract session key Ks with private decryption key Kme- 
dia(2) (step S328). 

[0133] Further, cellular phone 102 sends encrypted 
session key [Ks]KPmedia(1 ) to cellular phone 1 00 (step 
S316). Cellular phone 100 receives encrypted session 
key [Ks]KPmedta(1) thus sent (step S318). and trans- 
mits it to memory card 1 1 0 so that decryption processing 
unit 1404 in memory card 110 decrypts encrypted ses- 
sion key [Ks]KPmedia(1 ) to accept session key Ks (step 
S320). 

[01 34] In memory card 1 1 0, session key Ks encrypts 
public encryption key KPcard(1) of memory card 110 
with session key Ks (step S322) ( and encrypted data 
[KPcard(1 )]Ks is sent from cellular phone 1 00 to cellular 
phone 102 (step S324). Cellular phone 1 02 receives da- 
ta [KPcard(1)]Ks (step S326), and memory card 112 
completes the reception of session key Ks (step S328). 
Subsequently memory card 1 1 2 decrypts encrypted da- 
ta [KPcard(1)]Ks sent from memory card 110 with ses- 
sion key Ks to extract public encryption key KPcard(1) 
of memory card 11 0 in the decrypted form (step S330). 
[0135] In memory card 112, license key Kc and li- 
cense information data License, which are encrypted 
with public encryption key KPcard(2) of memory card 
112, are then read out from memory 1412 (step S332). 
[0136] Then, decryption processing unit 1416 of 
memory card 112 decrypts license key Kc and license 
information data License with private decryption key 
Kcard(2) (step S334). 

[0137] Controller 1420 in memory card 112 substi- 
tutes a value of license information data License thus 
decrypted for a data value in register 1500 (step S336). 
[0138] Further, encryption processing unit 1414 in 
memory card 112 encrypts license key Kc and license 
information data License with public encryption key KP- 
card(1 ), which is extracted by decryption processing un it 
1410, in memory card 110 (step S338). 
[0139] The data encrypted by encryption processing 
unit 1414 in memory card 112 is further applied to en- 
cryption processing unit 1406 via selector switch 1408 
having closed contact Pc, and encryption processing 
unit 1406 encrypts data [Kc, License]Kcard(1) with ses- 
sion key Ks to produce data [[Kc, License]Kcard(1)]Ks 
(step S340). 

[0140] Subsequently, memory card 112 outputs data 
[[Kc, License]Kcard(1)]Ks to cellular phone 102 (step 
S342), and cellular phone 1 02 sends data [[Kc, License] 
Kcard( 1 )]Ks to cellular phone 1 00 (step S344). 
[0141] Data[[Kc, License]Kcard(1)]Ks received cellu- 
lar phone 1 00 (step S346) is transmitted to memory card 
110, and decryption processing unit 1410 in memory 
card 110 decrypts encrypted data QKc, LicenseJKcard 
(1 )]Ks to accept data [Kc, License]Kcard(1 ) (step S348). 



[0142] In memory card 110, decryption processing 
unit 1410 stores the data, which is decrypted with ses- 
sion key Ks, in memory 1412 (step S350). Further, in 
memory card 110, decryption processing unit 1416 de- 

5 crypts data [Kc, License]Kcard(1 ) based on private de- 
cryption key Kcard(1), and stores decrypted license in- 
formation data License in register 1500 (step S352). 
[01 43] When memory card 1 1 0 completes the storing 
of decrypted license information data License in register 

* 0 1 500, memory card 1 1 0 sends a notification of the trans- 
fer acceptance to cellular phone 1 00, and cellu lar phone 
100 sends a notification of transfer acceptance to cellu- 
lar phone 102 (step S354). 

[01 44] When cellular phone 1 02 receives the notif ica- 

'5 tion of transfer acceptance from cellular phone 100, it 
transfers the notification to memory card 112 so that 
memory card 112 erases license information data Li- 
cense stored in register 1500 in response to reception 
of the notification (step S358). 

20 [0145] In response to reception of the notification of 
transfer acceptance, cellular phone 1 02 displays a mes- 
sage on display 1110 for inquiring user 2 whether the 
user allows erasing of data stored in memory card 112 
and corresponding to the transfer data stored in memory 

25 card 1412. User 2 enters a response to this message 
via touch key unit 1108 (step S360). 
[0146] When data in register 1500 is erased (step 
S358), and the response to the above message is en- 
tered (step S360), controller 1420 in memory card 112 

30 determines whether the data in memory 1412 is to be 
erased or not (step S362). 

[0147] When there is an instruction to erase the relat- 
ed data in memory 1412 (step S362), controller 1420 
operates to erase encrypted content data [Dc]Kc and 

35 data [Kc, License]Kcard(2) in memory 1412 (step 
S364), and the processing ends (step S374). 
[0148] When the erasing of data in memory 1412 is 
not instructed (step S362), the processing ends (step 
S374). In this case, encrypted content data [Dc]Kc and 

40 data [Kc, License]Kcard(2) are left in memory 1 41 2, but 
license information data License is not present in regis- 
ter 1 500 so that user 2 cannot reproduce the music data 
unless user 2 receives the reproduction information 
from music server 30 again. Thus, memory card 1 1 2 en- 

45 ters the "state SB". In memory card 110, license key Kc 
and the license information data are moved in addition 
to the encrypted content data so that memory card 110 
is in the "state SA". 

[0149] When it is determined in step S306' that the 
so "duplication request" is applied, a duplication accept- 
ance notification is sent from cellular phone 100 to cel- 
lular phone 102 (step S370). When the duplication ac- 
ceptance notification is received by cellular phone 102 
(step S372), the processing ends (step S374). 
55 [0150] Owing to the above structure, the transfer op- 
eration and the duplication operation can be performed 
after the memory card itself sends public encryption 
keys KPmedia(1) and KPmedia(2) to the side (cellular 
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phone 100) sending session key Ks. 
[Second Embodiment] 

[01 51 J A data distribution system of a second embod- 
iment differs from the data distribution system of the first 
embodiment in that each of the distribution server, cel- 
lular phones and memory cards is configured to produce 
a unique session key. More specifically, it is assumed 
that the distribution server or cellular phone generates 
session key Ks, a memory card 1 20 generates a session 
key Ks1, and a memory card 122 having substantially 
the same structure as memory card 120 generates a 
session key Ks2. 

[0152] In the data distribution system of the second 
embodiment, each of the devices and instruments form- 
ing the system produces the session key by itself, and 
performs the operation for receiving data (i.e., the oper- 
ation as a receiver) by sending first the session key to 
the opposite party (sender). The sender encrypts the 
session key sent from the receiver, and sends the en- 
crypted data. The receiver decrypts the received data 
with the session key produced by it. The structure for 
performing the above operations is a distinctive feature 
of the second embodiment. 

[01 53] For achieving the above operations, a key KPp 
is used in the reproducing operation as an public en- 
cryption key for receiving the session key, which is pro- 
duced by the memory card, on the cellular phone side, 
and a key Kp is used as a private decryption key for de- 
crypting the data encrypted with public encryption key 
KPp. 

[0154] Fig. 11 is a schematic block diagram showing 
a structure of a distribution server 11 corresponding to 
memory card 120 in the second embodiment. Distribu- 
tion server 11 differs from distribution server 10 shown 
in Fig. 3 in that encryption processing unit 322 in data 
processing unit 310 further encrypts the output of en- 
cryption processing unit 320 not based on session key 
Ks applied from Ks generating unit 314 but based on a 
session key (e.g., session key Ks1), which is sent from 
the memory card attached to the cellular phone after be- 
ing encrypted with session keys Ks1 and Ks2, and is 
decrypted by decryption processing unit 31 8 for extrac- 
tion, and then applies the output thus encrypted to com- 
munication device 350 via data bus BS1 . 
[0155] Structures of distribution server 11 other than 
the above are similar to those of distribution server 10 
of the first embodiment shown in Fig. 3. The same parts 
and portions bear the same reference numbers, and de- 
scription thereof is not repeated. 
[0156] Fig. 12 is a schematic block diagram showing 
a structure of a cellular phone 101 in the second em- 
bodiment. 

[01 57] Cellular phone 101 differs from cellular phone 
1 00 shown in Fig. 4 in that memory card 1 20 is attached 
thereto, and also differs in that cellular phone 101 in- 
cludes a KPp holding unit 1524 for holding public en- 



cryption key KPp, and outputting public encryption key 
KPp to data bus BS2 in the reproducing operation. 
[01 58] Further, cellular phone 1 01 includes a Kp hold- 
ing unit 1520 for holding private decryption key Kp : and 

5 a decryption processing unit 1 522 for decrypting and ex- 
tracting session key Ks1 , which is encrypted with public 
encryption key KPp applied from memory card 120 via 
data bus BS2, based on private decryption key Kp ap- 
plied from Kp holding unit 1520. Further, encryption 

10 processing unit 1504 encrypts its own session key Ks 
generated by Ks generating unit 1502 with session key 
Ks1 applied from decryption processing unit 1522 for 
outputting the same to data bus BS2. 
[0159] Structures of cellular phone 101 other than the 

'5 above are substantially the same as those of cellular 
phone 1 00 of the first embodiment shown in Fig. 1 . The 
same parts and portions bear the same reference num- 
bers, and description thereof is not repeated. 
[0160] Fig. 13 is a schematic block diagram showing 

20 a structure of memory card 120 in the second embodi- 
ment of the invention , and corresponds to Fig. 5 showing 
the first embodiment. 

[01 61 ] The structure of memory card 1 20 differs from 
the structure of memory card 110 in that memory card 

25 1 20 includes a session key Ks1 generating unit 1 432 for 
generating session key Ks1 unique to memory card 1 20. 
[0162] In addition to the above difference, memory 
card 120 includes an encryption processing unit 1430 
for encrypting session key Ks1 produced by session key 

30 generating unit 1 432, and applying the same to data bus 
BS3. 

[01 63] Corresponding to the above, memory card 1 20 
further includes a KPp accepting unit 1 407 for receiving 
and holding public encryption key KPp of cellular phone 

35 101 in the reproduction mode, a KPmedia accepting unit 
1403 for receiving public encryption key KPmedia(n) of 
the opposite party (receiver or destination) in the trans- 
fer mode, and a selector switch 1436, which receives 
the outputs of KPmedia accepting unit 1403 and KPp 

40 accepting unit 1 407, and outputs either of them depend- 
ing on the operation mode. Selector switch 1 436 has 
contacts Pi and Ph, which are coupled to KPp accepting 
unit 1407 and KPmedia accepting unit 1403, respective- 
ly. Encryption processing unit 1430 applies session key 

45 Ks1 to data bus BS3 after encrypting it with public en- 
cryption key KPmedia(n) or public encryption key KPp 
applied from selector switch 1436. 
[0164] When memory card 120 performs the distrib- 
uting operation, or functions as the receiver or destina- 

50 tion in the transfer operation, selector switch 1436 is not 
used. In the reproducing operation, selector switch 1436 
closes contact Pi. When memory card 120 functions as 
the sender in the transfer operation, contact Ph is 
closed. 

55 [0165] Memory card 120 further includes a selector 
switch 1435, which has contacts Pe, Pf and Pg for re- 
ceiving session key Ks of the music server applied from 
decryption processing unit 1404, the output of Ks1 gen- 
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erating unit 1432 and session key Ks of cellular phone 
101 applied from data bus BS4, and selectively outputs 
them in accordance with the operation mode. Contact 
Pe is coupled to the output of decryption processing un it 
1404, contact Pf is coupled to the output of Ks1 gener- 
ating unit 1432, and contact Pg is coupled to data bus 
BS4. Accordingly, encryption processing unit 1406 and 
decryption processing unit 1410 perform the encryption 
and decryption based on the key applied from selector 
switch 1435, respectively. 

[0166] Selector switch 1 435 closes contact Pe when 
session key Ks1 is to be extracted from music server 31 
in the distribution operation. When encrypted license 
key license key Kc and encrypted license information 
data applied from music server 31 are to be decrypted 
with session key Ks1 in the distribution operation, se- 
lector switch 1435 closes contact Pf. Selector switch 
1 435 closes contact Pf when decryption is performed in 
the reproducing operation, and closes contact Pg when 
encryption is performed in the reproducing operation. 
When selector switch 1435 is on the sender side in the 
transfer operation and decryption is to be performed, se- 
lector switch 1435 closes contact Pf. When selector 
switch 1 435 is on the sender side in the transfer opera- 
tion and encryption is to be performed, selector switch 
1435 closes contact Pg. When selector switch 1435 is 
on the receiver side in the transfer operation and the 
session key is to be received from the sender, selector 
switch 1435 closes contact Pe. When selector switch 
1435 is on the receiver side in the transfer operation, 
and license key Kc and license information data License 
are to be received, selector switch 1435 closes contact 
Pf. 

[0167J Memory card 120 further includes a selector 
switch 1409 instead of selector switch 1408. Selector 
switch 1409 has contacts Pa, Pb, Pc and Pd, and re- 
ceives session key Ks1 of its memory card 120 applied 
from Ks1 generating unit 1432, the output of KPcard 
holding unit 1405, license key Kc applied from data bus 
BS5, and license key Kc and license information data 
License, which are applied from encryption processing 
unit 1414 and are encrypted with public encryption key 
KPcard (n) of the opposite party, and selectively outputs 
them in accordance with the operation mode. 
[01 68] Contact Pa is coupled to the output of Ks1 gen- 
erating unit 1 432, and contact Pb is coupled to the out- 
put of KPcard(1) holding unit 1405. Also, contacts Pc 
and Pd are coupled to data bus BS5 and the output of 
encryption processing unit 1414, respectively. There- 
fore, encryption processing unit 1406 encrypts the var- 
ious kinds of data applied from selector switch 1409. 
[0169] More specifically, when selector switch 1409 is 
on the receiver side in the distribution mode, and public 
encryption key KPcard(1) and session key Ks1 of its 
memory card 1 20 are to be sent to music server 31 , se- 
lector switch 1 409 successively closes contacts Pb and 
Pa. In the reproduction mode, selector switch 1409 clos- 
es contact Pc. When selector switch 1409 is on the 



sender side in the transfer mode, it closes contact Pd. 
When selector switch 1 409 is on the receiver side in the 
transfer mode, and public encryption key KPcard(1 ) and 
session key Ks1 of its memory card 120 are to be sent, 
5 selector switch 1409 successively closes contacts Pb 
and Pa. 

[01 70] Figs. 1 4 and 1 5 are first and second flowcharts 
representing the distribution mode using memory card 
120 shown in Fig. 13. 
10 [0171] Figs. 14 and 15 represent operations, in which 
the system is in the distribution mode, and user 1 uses 
memory card 120 for receiving the music data distribut- 
ed from music server 31 . 

[0172] First, user 1 requests the distribution via cellu- 

15 lar phone 101, e.g., by operating keys or buttons on 
touch key unit 1108 (step S100). 
[01 73] In response to this distribution request, KPme- 
dia(1 ) holding unit 1 401 in memory card 1 20 sends pub- 
lic encryption key KPmedia(1) to music server 31 (step 

20 S102). Further, Ks1 generating unit 1432 in memory 
card 120 produces session key Ks1 (step S1 09). 
[0174] In music server 31, when the distribution re- 
quest and public encryption key KPmedia(1) are re- 
ceived from memory card 1 20 (step S1 04), inquiry is ap- 

25 plied to authentication server 1 2 based on received pub- 
lic encryption key KPmedia(1) (step S106), and next 
processing moves to the next step when the access is 
performed with the regular memory card. If a regular 
memory card is not used, the processing ends (step 

30 S154). 

[01 75] When it is determined by the inquiry that a reg- 
ular memory card is used, session key generating unit 
314 produces session key Ks in music server 31. Fur- 
ther, encryption processing unit 316 in music server 31 
35 encrypts session key Ks with received public encryption 
key KPmedia(1) to produce encrypted session key [Ks] 
Kmedia{1) (step S1 08). 

[01 76] Then, music server 31 applies encrypted ses- 
sion key [Ks]Kmedia(1) to data bus BS1. Communica- 

40 tion device 350 sends encrypted session key [Ks]Kme- 
dia(1) received from encryption processing unit 316 to 
memory card 120 of cellular phone 101 over the com- 
munication network (step S110). 
[0177] When cellular phone 101 receives encrypted 

45 session key [Ks]Kmedia(1) (step S112), decryption 
processing unit 1404 in memory card 120 decrypts the 
data applied to data bus BS3 via memory interface 1 200 
with encrypted session key [Ks]Kmedia(1) so that ses- 
sion key Ks is decrypted and extracted (step S114). 

50 [0178] In the distribution mode, selector switch 1409 
is in the state for successively closing contacts Pa and 
Pb so that encryption processing unit 1406 encrypts 
session key Ks1 applied from session key generating 
unit 1 432 via contact Pa as well as public encryption key 

55 KPcard(1) (i.e., public encryption key for memory card 
120) applied from KPcard(1) holding unit 1405 via con- 
tact Pb with session key Ks (step S116), and thereby 
produces data [KPcard(1), Ks1]Ks (step S118). 
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[0179] Cellular phone 101 sends data [KPcard(1), 
Ks1 ]Ks encrypted by encryption processing unit 1 406 to 
music server31 (stepS120). 

[0180] in music server 31 , communication device 350 
receives data [KPcard(1), Ks1]Ks {step S122), and de- s 
cryption processing unit 318 decrypts data [KPcard(1), 
Ks1]Ks applied to data bus BS1 with session key Ks to 
extract public encryption key KPcard(1 ) and session key 
Ks1 in the decrypted form (step S124). 
[01 81 ] Then , distribution control unit 31 2 produces li- 
cense information data License including license ID da- 
ta and others based on the data held in distribution in- 
formation database 304 and others (step S126). 
[0182] Further, music server 31 obtains encrypted 
content data [Dc]Kc from distribution information data- 
base 304, and sends it to memory card 1 20 via commu- 
nication device 350 (step S128). 
[0183] When cellular phone 101 receives encrypted 
content data [Dc]Kc (step S130), memory card 120 
stores encrypted content data [Dc]Kc thus received in 
memory 1412 as it is (step S132). 
[0184] Music server 31 obtains license key Kc from 
distribution information database 304 (step S134), and 
encryption processing unit 320 encrypts license key Kc 
and license information data License applied from dis- 
tribution control unit 312 with public encryption key KP- 
card(1) applied from decryption processing unit 318 
(stepS 136). 

[0185] Encryption processing unit 322 receives data 
[Kc, License]Kcard(1 ) encrypted by encryption process- 
ing unit 320, and applies it to data bus BS after encrypt- 
ing the data with session key Ks1 applied from memory 
card 120. Communication device 350 sends data [[Kc, 
License]Kcard(1 )]Ks1 encrypted with encryption 
processing unit 322 to memory card 120. 
[0186] When cellular phone 101 receives data [[Kc, 
License]Kcard(1)]Ks1 (step S1 42), decryption process- 
ing unit 1410 in memory card 120 decrypts it with ses- 
sion key Ks1 applied from Ks1 generating unit 1432 via 
contact Pf so that data [Kc, License] Kcard(1 ) is extract- 
ed and stored in memory 1412 (step S146). 
[0187] In memory card 120, decryption processing 
unit 1416 decrypts data [Kc, License]Kcard(1) stored in 
memory 1412 under the control of controller 1420, and 
stores decrypted license information data License in 
register 1500 (step S148). 

[0188] Through the above operations, memory card 
120 can receive the distributed data after memory card 
120 itself sends public encryption key KPmedia(1) and 
session key Ks1 to the sender side (music server 31 ) of 
the encrypted content data, and thereby memory card 
120 can enter the state, in which the music information 
can be reproduced. 

[01 89] Further, memory card 1 20 sends a notification 
of distribution acceptance to music server 31 . When mu- 
sic server 31 receives this distribution acceptance noti- 
fication (step S150), accounting database 302 stores 
accounting data of user 1 (step S152), and the process- 



ing ends (step S154). 

[0190] Figs. 16 and 17 are first and second flowcharts 
representing the reproduction mode of cellular phone 
101 , in which the encrypted content data held by mem- 
ory card 120 is decrypted for externally outputting the 
content data (i.e., music data) as music. 
[0191] Referring to Figs. 16 and 17, user 1 applies a 
reproduction request entered by user 1 via touch key 
unit 1 1 08 or the like of the cellular phone to memory card 
120 (step S200). 

[0192] In response to this reproduction request, con- 
troller 1420 in memory card 120 determines based on 
the license information data License held in register 
1 500 whether the request is applied for the reproducible 
data or not (step S202). When it is determined that the 
requested data is reproducible, a notification that the da- 
ta is reproducible is sent to cellular phone 101 (step 
S240). When it is not reproducible, the processing ends 
(step S280). 

[0193] When memory card 120 determines that the 
requested data is reproducible, and sends the notifica- 
tion that the data is reproducible, cellular phone 101 
sends public encryption key KPp to memory card 120 
(step S242), and Ks generating unit 1 502 produces ses- 
sion key Ks (step S244). 

[0194] Also, memory card 1 20 produces session key 
Ks1 (step S240). Memory card 120 encrypts session 
key Ks1 with public encryption key KPp received from 
cellular phone 101 via data bus BS2 (step S248), and 
sends encrypted session key [Ks1]Kp thus prepared to 
cellular phone 101 (step S250). 
[0195] When cellular phone 101 receives encrypted 
session key [Ks1]Kp from memory card 120, decryption 
processing unit 1522 in cellular phone 101 decrypts it 
with private decryption key Kp to extract session key 
Ks1 prepared by memory card 120 (step S252). Then, 
encryption processing unit 1504 in cellular phone 101 
encrypts session key Ks prepared by cellular phone 1 01 
with session key Ks1 to produce encrypted session key 
[Ks]Ks1 (step S254), and sends encrypted session key 
[Ks]Ks1 thus prepared to memory card 120 (stepS256). 
[0196] Memory card 120 receives encrypted session 
key [Ks]Ks1 produced by cellular phone 101 via data 
bus BS2, and decrypts it with session key Ks1 for ex- 
tracting session key Ks produced by cellular phone 101 
(step S258). 

[0197] Then, memory card 120 reads out encrypted 
data [Kc, License]Kcard(1) from memory 1412, and de- 
cryption processing unit 1416 decrypts it (step S260). 
[0198] When the data read from memory 1412 is de- 
codable with private decryption key Kcard(1) (S262), li- 
cense key Kc is extracted (step S264). If not decodable, 
the processing ends (step S280). 
[0199] When the data read from memory 1412 is de- 
codable, processing is performed to change the data, 
which is contained in license information data License 
tn register 1 500, and is related to the reproduction times 
(step S266), 
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[0200] In memory card 120, encryption processing 
unit 1406 then encrypts license key Kc with extracted 
session key Ks (step S268), and applies encrypted li- 
cense key [Kc]Ks to data bus BS2 (step S270). 
[0201] Decryption processing unit 1506 in cellular 
phone 101 performs the decryption with session key Ks 
to obtain license key Kc. 

[0202] Then, memory card 120 reads out encrypted 
content data [Dc]Kc from memory 1412, and applies it 
to data bus BS2 (step S274). 
[0203] Audio decoding unit 1508 in cellular phone 101 
decrypts encrypted content data [DcJKc with extracted 
license key Kc to produce plaintext content data (step 
S276), and reproduces music signals for applying them 
to mixing unit 1510 (step S276). Digital-to-analog con- 
verter 1512 receives and converts the music signals ap- 
plied from mixing unit 1 51 0 for externally outputting the 
reproduced music, and then the processing ends (step 
S232). 

[0204] Owing to the above structures, the memory 
card itself and the cellular phone itself produce session 
keys Ks1 and Ks, respectively, and the reproduction can 
be performed after the encrypted data is transmitted us- 
ing these keys. 

[0205] Figs. 1 8 and 1 9 are first and second flowcharts 
representing the processing of transferring or duplicat- 
ing the content data, key data and others between two 
memory cards, respectively. 

[0206] It is assumed that a cellular phone 1 03 having 
substantially the same structure as cellular phone 101 
is on the sender side, and cellular phone 1 01 is on the 
receiver side. Memory card 122 having substantially the 
same structure as memory card 1 20 is likewise attached 
to cellular phone 103. 

[0207] Cellular phone 103 first outputs a transfer re- 
quest or a duplication request to memory card 122 at- 
tached thereto and cellular phone 101 (step S300). 
[0208] In response to this, memory card 122 reads out 
encrypted content data [Dc]Kc from memory 1412, and 
outputs it to memory card 120 (step S302). Cellular 
phone 101 receives the request from cellular phone 1 03 
(step S301 ), and memory card 1 20 operates to store en- 
crypted content data [DcJKc in memory 1412 (step 
S304). 

[0209] In cellular phones 103 and 101 , it is then de- 
termined whether the request applied in step S300 is a 
"transfer request' or a "duplication request" (steps S306 
and S306'). When it is a "transfer request", memory card 
120 outputs public encryption key KPmedia(1) to cellu- 
lar phone 101 (step S308), and cellular phone 101 
sends public encryption key KPmedia(1) to cellular 
phone 103 (step S310). 

[0210] When cellular phone 103 receives public en- 
cryption key KPmedia(1) (step S312), and transfers it to 
memory card 122 (step S313), Ks2 generating circuit 
1432 of memory card 122 produces session key Ks2 
(step S314), and encryption processing unit 1430 en- 
crypts session key Ks2 with public encryption key KP- 



media(1) (step S315), 

[0211] Cellular phone 103 sends encrypted session 
key [Ks2]KPmedia(1) to cellular phone 101 (stepS316). 
Cellular phone 101 receives encrypted session key 

5 [Ks2]KPmedia(1) (stepS318), and transmits it to mem- 
ory card 120. In memory card 120, decryption process- 
ing unit 1404 decrypts encrypted session key [Ks2]KP- 
media(1), and session key generating unit 1432 produc- 
es session key Ks1 to be used in memory card 1 20 (step 

10 S320). 

[021 2] In memory card 1 20, public encryption key KP- 
card(1) and session key Ks1 of memory card 120 are 
encrypted with session key Ks2 (step S322), and en- 
crypted data [KPcard(1), Ks1]Ks2 is sent from cellular 

15 phone 101 to cellular phone 103 (step S324). Cellular 
phone 103 receives data [KPcard(1), Ks1]Ks2 (step 
S326), and transfers it to memory card 122. 
[0213] In memory card 122, decryption processing 
unit 1410 decrypts encrypted data [KPcard(1), Ks1]Ks2 

20 sent from memory card 1 20 with session key Ks2, and 
extracts public encryption key KPcard(1) and session 
key Ks1 of memory card 120 in the decoded form (step 
S330). 

[0214] In memory card 122, encrypted data [Kc, Li- 
25 cense]Kcard(2), which corresponds to license key Kc 
and license information data License, and is encrypted 
with public encryption key KPcard(2) of memory card 
22, is then read out from memory 1412 (step S332). 
[0215] Then, decryption processing unit 1416 of 
30 memory card 122 decrypts data [Kc, License]Kcard(2) 
with private decryption key Kcard(2) (step S334). 
[0216] Controller 1420 of memory card 122 substi- 
tutes the value of license information data License thus 
decrypted for the data value in register 1500 (step 
35 S336). 

[0217] Encryption processing unit 1414 in memory 
card 122 encrypts license key Kc and license informa- 
tion data License with public encryption key KPcard(1 ) 
in memory card 1 20 extracted by decryption processing 

40 unit 1410 (step S338). 

[0218] The data encrypted by encryption processing 
unit 1414 in memory card 122 is applied to encryption 
processing unit 1406 via selector switch 1409 having 
closed contact Pd, and encryption processing unit 1406 

45 in memory card 122 encrypts data [Kc, License]Kcard 
(1 ) with session key Ks1 to produce data [[Kc, License] 
Kcard(1)]Ks1 (step S340). 

[0219] Then, memory card 1 22 outputs data [[Kc, Li- 
cense]Kcard(1)]Ks1 to cellular phone 103 (step S342), 

so and cellular phone 1 03 sends data [[Kc, License]Kcard 
(1)]Ks1 to cellular phone 101 (step S344). 
[0220] Data [[Kc, License]Kcard(1 )]Ks1 is received by 
cellular phone 101 (step S346), and is transmitted to 
memory card 120, in which decryption processing unit 

55 1410 decrypts encrypted data [[Kc, License]Kcard(1)J 
Ks1, and accepts data [Kc, License] Kcard(1) (step 
S348). 

[0221] In memory card 120, data [Kc, LicenseJKcard 
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(1) decrypted by decryption processing unit 1410 with 
session key Ks1 is stored in memory 1412 (step S350). 
In memory card 120, decryption processing unit 1416 
decrypts data [Kc, License]Kcard(1) based on private 
decryption key Kcard(1), and register 1500 stores li- 
cense information data License thus decrypted (step 
S352). 

[0222] Subsequent processing performed by memory 
cards 1 20 and 1 22 in either of the transfer mode and the 
duplication mode are substantially the same as the 
processing by memory cards 110, 112 and others of the 
first embodiment already described with reference to 
Figs. 9 and 10, and therefore description thereof is not 
repeated. 

[0223] Owing to the above structures, the operations 
in the transfer mode can be performed after producing 
the session key by each of the memory cards on the 
sender and receiver sides. 

[0224] Accordingly, license key Kc of data transmitted 
on the data bus and others as well as the key for en- 
crypting license information data License are unique to 
every session and every instrument or device. This can 
further improve the security of transmission of license 
key Kc and license information data License. 
[0225] Owing to the above structures, the transfer of 
data from memory card 1 22 to memory card 1 20 can be 
performed without using a cellular phone terminal hav- 
ing session key generating circuit 1502 already de- 
scribed, and more specifically, can be performed by the 
memory cards and the interface devices connected to 
the memory cards. This further improves the conven- 
ience of users. 

[0226] In the transfer operation, the data included in 
license information data for restricting the times of re- 
production is set in such a manner that the license in- 
formation data recorded in memory 1412 is changed in- 
to the license information data bearing the number of 
reproduction times, which was corrected by register 
1500 in response to every reproduction. Even when the 
content data is transferred between the memory cards, 
the above manner can prevent such a situation that the 
reproduction times of the content data exceed the times 
restricted and determined at the time of distribution. 

[Third Embodiment] 

[0227] A data distribution system of a third embodi- 
ment has such a distinctive feature that the user does 
not receive encrypted content data distributed from a 
distribution carrier, i.e., a cellular phone company, but 
receives encrypted content data from a content data 
vending machine disposed, e.g., on a street. 
[0228] Fig. 20 conceptually shows a structure of the 
data distribution system of the third embodiment. Since 
cellular phone 1 00 and memory card 1 1 0 have substan- 
tially the same structures as cellular phone 100 and 
memory card 110 in the first embodiment already de- 
scribed, description thereof is not repeated. 



[0229] Referring to Fig. 20, a content data vending 
machine 2000 includes a display 2002 for providing 
guidance and others on distribution to users, a keyboard 
2004 for entering an instruction by a user, a coin slot 

5 2006 and an external connector 2010 for transmitting 
data to and from cellular phone 1 00 via connector 1 1 20. 
Content data vending machine 2000 is connected to an 
administration server 2200 for administrating a sales 
record and others over a cellular phone network or the 

10 like. 

[0230] Fig. 21 is a schematic block diagram showing 
a structure of content data vending machine 2000 of the 
third embodiment. As already described, content data 
vending machine 2000 includes display 2002, keyboard 

15 2004, a coin receiver 2020 for receiving coins or the like 
dropped through slot 2006, external connector 201 0, an 
interface unit 2012 arranged between connector 2010 
and the data bus, distribution information database 304 
for holding data, which is prepared by encrypting the 

20 content data (music data) in a predetermined scheme, 
and distribution information such as license information 
data and others, a communication device 360 for trans- 
mitting information to and from administration server 
2200, and a data processing unit 2100, which receives 

25 data from distribution information database 304 and ad- 
ministration server 2200 via data bus BS1 , and encrypts 
the data in a predetermined scheme. 
[0231] Similarly to the first embodiment, data 
processing unit 2100 is internally provided with distribu- 
te tion control unit 31 2 for controlling the operation of data 
processing unit 2100 in accordance with data on data 
bus BS1 , session key generating unit 31 4 for generating 
session key Ks under the control of distribution control 
unit 312, encryption processing unit 316 for encrypting 

35 session key Ks produced by session key generating unit 
314 with public encryption key KPmedia(n) unique to the 
card medium, and applying the same to data bus BS1 , 
decryption processing unit 318 for receiving and de- 
crypting the data, which is applied via data bus BS1 from 

40 connector 201 0 after being encrypted with, session key 
Ks in the cellular phone of the user, encryption process- 
ing unit 320 for encrypting the license information data 
with public encryption key KPcard(n) extracted by de- 
cryption processing unit 318 under control of distribution 

45 control unit 312, and encryption processing unit 322 for 
further encrypting the output of encryption processing 
unit 320 with session key Ks, and applying it to connec- 
tor 2010 via data bus BS1. 

[0232] Figs. 22 and 23 are first and second flowcharts 
so representing the distribution mode of the distribution 
system already described with reference to Figs. 20 and 
21. 

[0233] Figs. 22 and 23 represent operations, in which 
user 1 uses memory card 110, and receives the music 
55 data distributed from content data vending machine 
2000. 

[0234] First, user 1 applies a distribution request via 
keys, buttons or the like on keyboard 2004 of content 
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data vending machine 2000 (step S400). Content data 
vending machine 2000 outputs a request for sending 
public encryption key KPmedia(1) to memory card 110 
(step S402). 

[0235] In memory card 110, KPmedia(1) holding unit s 
1401 outputs public encryption key KPmedia(1) to cel- 
lular phone 100 in response to the above request for 
sending public encryption key KPmedia(1) (step S406). 
[0236] When cellular phone 1 00 sends public encryp- 
tion key KPmedia(1) to content data vending machine 10 
2000 (step S408), and content data vending machine 
2000 receives public encryption key KPmedia(1) trans- 
ferred from memory card 1 1 0 (step S41 0), display 2002 
displays a message orthe like requesting coin dropping, 
and the charge is collected (step S412). Then, session is 
key generating unit 314 in content data vending ma- 
chine 2000 produces session key Ks. In content data 
vending machine 2000, encryption processing unit 316 
encrypts session key Ks with received public encryption 
key KPmedia(1 ) to produce encrypted session key [Ks] 20 
Kmedia(1) (step S414). 

[0237] Then, content data vending machine 2000 ap- 
plies encrypted session key [Ks]Kmedia(1) to data bus 
BS1, and outputs it from connector 2010 (step S416). 
Cellular phone 1 00 receives encrypted session key [Ks] 25 
Kmedia(1), and transfers it to memory card 110 (step 
S418). 

[0238] In memory card 110, decryption processing 
unit 1404 decrypts encrypted session key [KsJKmedia 
(1 ), which is applied via interface 1 200 to data bus BS3, 30 
with private decryption key Kmedia(1 ) to extract session 
key Ks in the decrypted form (step S420). 
[0239] In the distribution mode, contact Pa is closed 
in selector switch 1408. Therefore, encryption process- 
ing unit 1406 then encrypts public encryption key KP- 35 
card(1) applied from KPcard(1) holding unit 1405 via 
contact Pa with session key Ks (step S422) to produce 
data [KPcard(1)]Ks (step S424). 
[0240] Cellular phone 1 00 sends data [KPcard(1 )]Ks 
encrypted by encryption processing unit 1 406 to content 40 
data vending machine 2000 (step S426). 
[0241] In content data vending machine 2000, data 
[KPcard(1 )]Ks is received via connector 2010 (step 
S428), and decryption processing unit 31 8 decrypts da- 
ta [KPcard(1 ))KS applied to data bus BS1 with session 45 
key Ks to extract public encryption key KPcard(1) in the 
decrypted form (step S430). 

[0242] Then , distribution control unit 31 2 produces li- 
cense information data License containing license ID 
data and others based on the data held in distribution so 
information database 304 and others (step S432). 
[0243] Content data vending machine 2000 obtains 
encrypted content data [Dc]Kc from distribution informa- 
tion database 304, and sends it to cellular phone 100 
via connector 2010 (step S434). 55 
[0244] When cellular phone 1 00 receives encrypted 
content data [Dc]Kc (step S436), memory card 110 
stores encrypted content data [Dc]Kc thus received in 



memory 1412 as it is (step S438). 
[0245] Content data vending machine 2000 obtains li- 
cense key Kcfrom distribution information database 304 
(step S440), and encryption processing unit 320 en- 
crypts license key Kc and license information data Li- 
cense sent from distribution control unit 312 with public 
encryption key KPcard(1) applied from decryption 
processing unit 318 (step S442). 
[0246] Encryption processing unit 322 receives data 
[Kc, License] Kcard(1) encrypted by encryption process- 
ing unit 320, and further encrypts it with session key Ks 
to apply data [[Kc, License]Kcard(1)]Ks to data bus BS 
1 so that data [[Kc, License] Kcard(1 )]Ks thus encrypted 
by encryption processing unit 322 is sent to memory 
card 110 (step S446), 

[0247] When cellular phone 1 00 receives data [[Kc, 
License] Kcard(1)]Ks (step S448), decryption process- 
ing unit 1410 in memory card 110 decrypts it with ses- 
sion key Ks to extract and store data [Kc, License] Kcard 
(1) in memory 1412 (step S452). 
[0248] In memory card 110, decryption processing 
unit 1416 controlled by controller 1420 decrypts data 
[Kc, License] Kcard(1) stored in memory 1412, and 
stores decrypted license information data License in 
register 1500 (step S458). 

[0249] By the operations described above, the mem- 
ory card can receive the distributed data after the mem- 
ory card itself sends public encryption key KPmedia(1) 
to the side sending session key Ks (i.e., content data 
vending machine 2000), and can enter the state, in 
which the music can be produced from the encrypted 
content data stored in memory card 110. 
[0250] Further, memory card 1 1 0 sends a notification 
of the distribution acceptance to content data vending 
machine 2000 via cellular phone 1 00 (step S460). When 
content data vending machine 2000 receives this noti- 
fication of distribution acceptance (step S462), a sales 
record is sent to the administration server (step S464), 
and the processing ends (step S466). 
[0251] Owing to the above structure, the user can re- 
ceive the encrypted and distributed music data and oth- 
ers more easily. 

[Modification of the Third Embodiment] 

[0252] In the data distribution system of the third em- 
bodiment, memory card 110 is configured to receive the 
encrypted content data distributed by content data 
vending machine 2000 via cellular phone 100. 
[0253] In the structure of content data vending ma- 
chine 2000 shown in Fig. 21 , however, connector 2010 
may be replaced with a memory slot for interface to 
memory card 110. Thereby, the data can be directly 
transmitted between memory card 1 1 0 and content data 
vending machine 2000 without interposing cellular 
phone 100 therebetween. 

[0254] Fig. 24 conceptually shows a structure of con- 
tent data vending machine of such a modification of the 
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third embodiment. Content data vending machine 2000 
of this modification differs from content data vending 
machine 2000 of the third embodiment shown in Fig. 20 
in that a card slot 2030 for receiving a memory card is 
employed instead of external connector 2010, and the 
card in card slot 2030 can transmit data to and from data 
bus BS1 via interface portion 2012. 
[0255] Figs. 25 and 26 are first and second flowcharts 
representing the distribution mode in the data distribu- 
tion system of the modification of the third embodiment. 
[0256] The processing in the distribution mode shown 
in Figs. 25 and 26 are the same as that in the distribution 
mode of the third embodiment shown in Figs. 22 and 23 
except for that data transmission is performed between 
memory card 110 and content data vending machine 
2001 without interposing cellular phone 1 00. Therefore, 
the same steps and operations bear the same reference 
characters, and description thereof is not repeated. 
[0257] Owing to the above structures and operations, 
the user can receive more easily the encrypted music 
data and others distributed thereto. 
[0258] Further, the memory card can operate inde- 
pendently to receive and store the distributed content 
data in the encrypted form. This increases a range, from 
which a circuit or a unit for content data reproduction is 
selected, and therefore further improves the conven- 
ience of users. 

[Fourth Embodiment] 

[0259] Fig. 27 is a schematic block diagram showing 
a structure of a content data vending machine 3000 of 
a fourth embodiment. The structure of content data 
vending machine 3000 of the fourth embodiment differs 
from that of content data vending machine 2000 shown 
in Fig. 21 in that memory card 120 of the second em- 
bodiment can be used, and cellular phone 101 is used 
as the terminal. Corresponding to this, encryption 
processing unit 322 in data processing unit 21 00 further 
encrypts the output of encryption processing unit 320 
not based on session key Ks applied from Ks generating 
unit 31 4 but based on the session key (e.g., session key 
Ks1 ), which is sent from the memory card attached to 
the cellular phone after being encrypted with session 
key Ks, and is decrypted by decryption processing unit 
318, and applies the output thus encrypted to interface 
unit 201 2 and connector 201 0 via data bus BS 1 . 
[0260] Structures of content data vending machine 
3000 other than the above are substantially the same 
as those of content data vending machine 2000 of the 
third embodiment shown in Fig. 21 . The same portions 
bear the same reference numbers, and description 
thereof is not repeated. 

[0261 ] Since cellular phone 1 01 and memory card 1 1 0 
have substantially the same structure as those in the 
second embodiment, description thereof is not repeat- 
ed. 

[0262] Figs, 28 and 29 are first and second flowcharts 



representing the distribution mode of the data distribu- 
tion system shown in Fig. 27. 
[0263] Figs. 28 and 29 represent operations, in which 
user 1 uses memory card 120 for receiving music data 

s distributed from content data vending machine 3000. 
[0264] First, the user enters the distribution request, 
e.g., by operating keys or buttons on keyboard 2004 of 
content data vending machine 3000 (step S500). Con- 
tent data vending machine 3000 outputs a request for 

10 sending public encryption key KPmedia(1) to memory 
card 110 (step S502). 

[0265] In memory card 120, KPmedia(1 ) holding unit 
1401 sends public encryption key KPmedia(1) to con- 
tent data vending machine 3000 in response to this re- 
's quest for sending public encryption key KPmedia(1) 
(step S506), Further, in memory card 120, Ks1 gener- 
ating unit 1432 produces session key Ks1 (step S515). 
[0266] Cellular phone 101 sends public encryption 
key KPmedia{1 ) to content data vending machine 3000 
20 (step S508), and content data vending machine 3000 
receives public encryption key KPmedia(1) transferred 
from memory card 120 (step S510). Thereby, display 
2002 displays a message or the like requesting coin 
dropping, and the charge is collected (step S51 2). Then, 
25 session key generating unit 31 4 in content data vending 
machine 3000 produces session key Ks. In content data 
vending machine 3000, encryption processing unit 31 6 
encrypts session key Ks with received public encryption 
key KPmedia(1 ) to produce encrypted session key [Ks] 
30 Kmedia(1) (step S5 14). 

[0267] Then, content data vending machine 3000 ap- 
plies encrypted session key [Ks]Kmedia(1) to data bus 
BS1, and outputs it from connector 2010 (step S416). 
Cellular phone 101 receives encrypted session key [Ks] 
35 Kmedia(1), and transfers it to memory card 120 (step 
S518). 

[0268] In memory card 120, decryption processing 
unit 1404 decrypts encrypted session key [KsJKmedia 
(1 ), which is applied via interface 1 200 to data bus BS3, 
40 with private decryption key Kmedia(1 ) to extract session 
key Ks in the decrypted form (step S520). 
[0269] Encryption processing unit 1 406 then encrypts 
public encryption key KPcard(1 ) applied from KPcard(1 ) 
holding unit 1 405 and session key Ks1 applied from Ks1 
45 generating unit 1 432 with session key Ks (step S522) to 
produce data [KPcard(1), Ks1]Ks (step S524). 
[0270] Cellular phone 101 sends data [KPcard(1), 
Ks1 ]Ks encrypted by encryption processing unit 1 406 to 
content data vending machine 3000 (step S526). 
so [0271] In content data vending machine 3000, data 
[KPcard(1), Ks1]Ks is received via connector 20 10 (step 
S528), and decryption processing unit 31 8 decrypts da- 
ta [KPcard(1 ), Ks1 ]Ks applied to data bus BS1 with ses- 
sion key Ks to extract public encryption key KPcard(1) 
55 and session key Ks1 in the decrypted form (step S530). 
[0272] Then, distribution control unit 31 2 produces li- 
cense information data License containing license ID 
data and others based on the data held in distribution 
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information database 304 and others (step S532). 
[0273] Content data vending machine 3000 obtains 
encrypted content data [Dc]Kc from distribution informa- 
tion database 304, and sends it to cellular phone 101 
via connector 2010 (step S534). 
[0274] When cellular phone 101 receives encrypted 
content data [Dc]Kc (step S536), memory card 120 
stores encrypted content data [Dc]Kc thus received in 
memory 1412 as it is (step S538). 
[0275] Content data vending machine 3000 obtains li- 
cense key Kc from distribution information database 304 
(step S540), and encryption processing unit 320 en- 
crypts license key Kc and license information data Li- 
cense sent from distribution control unit 312 with public 
encryption key KPcard(1) applied from decryption 
processing unit 31 8 (step S542). 
[0276] Encryption processing unit 322 receives data 
[Kc, License]Kcard(1 ) encrypted by encryption process- 
ing unit 320, and further encrypts it with session key Ks1 
to apply data [[Kc, License]Kcard(1)]Ks1 to data bus 
BS1 so that data [[Kc, License]Kcard(1)]Ks1 thus en- 
crypted by encryption processing unit 322 is sent to cel- 
lular phone 101 (step S546). 

[0277] When cellular phone 101 receives data [[Kc, 
License]Kcard(1)]Ks1 (step S548), decryption process- 
ing unit 1410 in memory card 120 decrypts it with ses- 
sion key Ks1 to extract and store data [Kc, License] 
Kcard(1) in memory 1412 (step S552). 
[0278] The processing after the above is substantially 
the same as that in the third embodiment shown in Figs. 
22 and 23, and therefore description thereof is not re- 
peated. 

[0279] Owing to the above structure, the user can re- 
ceive the encrypted and distributed content data such 
as music data more easily. 

[0280] Further, the encryption key of data transmitted 
on the data bus and others is unique to every session 
and every instrument or device. This can further improve 
the security of data transmission. 

[Modification of the Fourth Embodiment] 

[0281 ] In the data distribution system of the fourth em- 
bodiment, memory card 1 20 is configured to receive the 
encrypted content data distributed by content data 
vending machine 3000 via cellular phone 101 . 
[0282] In the structure of content data vending ma- 
chine 3000 shown in Fig. 27, however, connector 2010 
may be replaced with a memory slot for interface to 
memory card 120, as is done in the modification of the 
third embodiment. Thereby, the data can be directly 
transmitted between memory card 1 20 and content data 
vending machine 3000 without interposing cellular 
phone 101 therebetween. 

[0283] A structure of content data vending machine 
3001 of such a modification of the fourth embodiment is 
substantially the same as the structure of the modifica- 
tion of the third embodiment shown in Fig. 24 except for 



the structure of data processing unit 2100. 
[0284] More specifically, the structure of content data 
vending machine 3001 of the modification of the fourth 
embodiment differs from the structure of content data 

5 vending machine 3000 of the fourth embodiment shown 
in Fig. 27 in that card slot 2030 for receiving a memory 
card is employed instead of external connector 2010, 
and the card in card slot 2030 can transmit data to and 
from data bus BS1 via interface portion 2012. 

w [0285] Figs. 30 and 31 are first and second flowcharts 
representing the distribution mode in the data distribu- 
tion system of the modification of the fourth embodi- 
ment. 

[0286] The processing in the distribution mode shown 
'5 in Figs. 28 and 29 are the same as that in the distribution 
mode of the fourth embodiment shown in Figs. 28 and 
29 except for that data transmission is performed be- 
tween memory card 120 and content data vending ma- 
chine 3001 . Therefore, the same steps and operations 
20 bear the same reference characters, and description 
thereof is not repeated. 

[0287] Owing to the above structures and operations, 
the user can receive more easily the encrypted music 
data and others distributed thereto. 

25 [0288] Further, the memory card can operate inde- 
pendently to receive and store the distributed content 
data in the encrypted form. This increases a range, from 
which a circuit or a unit for content data reproduction is 
selected, and therefore further improves the conven- 

30 ience of users. 

[Fifth Embodiment] 

[0289] A distribution server 12, a cellular phone 105 
35 and a memory card 140 in a fifth embodiment differs 
from distribution server 1 1 , cellular phone 1 01 and mem- 
ory card 1 20 of the second embodiment in the following 
points. 

[0290] Cellular phone 1 05 of the fifth embodiment has 

40 structures for recording and holding public encryption 
key KPp and certificate data Crtf , which are assigned to 
this cellular phone 1 05, in a form encrypted with a public 
decryption key (public authentication key) KPmaster 
when this cellular phone 105 is registered, in advance, 

45 jn an administration department of an authentication 
mechanism or the like in the distribution system. 
[0291] A memory card 140 of the fifth embodiment 
likewise has structures for recording and holding public 
encryption key KPmedia and certificate data Crtf, which 

so are assigned to this memory card, in a form encrypted 
with public decryption key (public authentication key) 
KPmaster when this memory card 140 is registered, in 
advance, in the administration department of the au- 
thentication mechanism or the like in the distribution 

55 system. 

[0292] Memory card 1 40 and distribution server 1 2 in 
the fifth embodiment have structures for recording and 
holding public decryption key (public authentication key) 
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KPmaster. Public decryption key (public authentication 
key) KPmaster is common to the system, and is used 
by all the devices performing data output operations in 
the system, and more specifically is used in the opera- 
tions of transmitting the session keys for certificating the 
fact the device is authorized to perform mutual transmis- 
sion of data and for obtaining the encryption key used 
for sending the session key to the other party. 
[0293] Structures of cellular phone 1 05, memory card 
140 and distribution server 12 of the fifth embodiment 
will now be described in greater detail. 
[0294] Fig. 32 is a schematic block diagram showing 
the structure of cellular phone 105 in the fifth embodi- 
ment. 

[0295] Cellular phone 1 05 differs from cellular phone 
1 01 of the second embodiment shown in Fig. 1 2 in that 
a [KPp, Crtf]KPmaster holding unit 1525 for holding pub- 
lic encryption key KPp and certificate data Crtf, which 
are encrypted with public decryption key (public authen- 
tication key) KPmaster, is used instead of KPp holding 
unit 1524. 

[0296] Structures of cellular phone 1 05 other than the 
above are substantially the same as those of cellular 
phone 1 01 of the second embodiment shown in Fig. 1 2. 
The same portions bear the same reference numbers, 
and description thereof is not repeated. 
[0297] Fig. 33 is a schematic block diagram showing 
a structure of distribution server 12 corresponding to 
memory card 140 of the fifth embodiment. Distribution 
server 12 in Fig. 33 differs from distribution server 11 of 
the second embodiment shown in Fig. 11 in that data 
processing unit 31 0 further includes a KPmaster holding 
unit 324 for holding public decryption key KPmaster, and 
a decryption processing unit 326 for decrypting the data, 
which is applied over the communication network to da- 
ta bus BS1 via communication device 350, based on 
public decryption key KPmaster output from KPmaster 
holding unit 324. Encryption processing unit 316 en- 
crypts session key Ks generated by Ks generating unit 
314 with public encryption key KPmedia extracted by 
the decrypting processing of decryption processing unit 
326. Distribution control unit 312 determines whether 
the memory card and the cellular phone requesting for 
the distribution are regular or not, based on certificate 
data Crtf extracted by decrypting processing of decryp- 
tion processing unit 326. 

[0298] Structures of distribution server 12 other than 
the above are substantially the same as those shown in 
Fig. 12. The same portions bear the same reference 
numbers, and description thereof is not repeated. 
[0299] Fig. 34 is a schematic block diagram showing 
a structure of a memory card 1 40 of the fifth embodi- 
ment, and corresponds to Fig. 13 showing the second 
embodiment. 

[0300] The structure of memory card 140 of the fifth 
embodiment differs from the structure of memory card 
1 20 of the second embodiment in that memory card 1 40 
includes a [KPmedia, Crtf]KPmaster holding unit 1442 



for holding public encryption key KPmedia and certifi- 
cate data Crtf in a form encrypted with public decryption 
key (public authentication key) KPmaster. Further, se- 
lector switch 1436 is not employed, and the output of 
5 [KPmedia, Crtf]KPmaster holding unit 1442 is directly 
applied to data bus BS3. 

[0301] Additionally, memory card 140 includes KP- 
master holding unit 1450 for recording and holding pub- 
lic decryption key KPmaster, and a decryption process- 
10 jng unit 1 452 for decrypting data on data bus BS3 based 
on public decryption key KPmaster output from KPmas- 
ter holding unit 1450. 

[0302] Public encryption key KPmedia, which is de- 
crypted and extracted by decryption processing unit 

*s 1 452, is applied to encryption processing unit 1 430. Cer- 
tificate data Crtf, which is likewise decrypted and ex- 
tracted by decryption processing unit 1 452, is applied to 
controller 1420 via data bus BS5. 
[0303] Structures of memory card 1 40 other than the 

20 above are substantially the same as those of memory 
card 120 shown in Fig. 13. The same portions bear the 
same reference numbers, and description thereof is not 
repeated. 



[0304] Figs. 35 and 36 are first and second flowcharts 
representing the distribution mode using memory card 
140 shown in Fig. 34, respectively. 
[0305] In the operations shown in Figs. 35 and 36, us- 
er 1 uses cellular phone 1 05 provided with memory card 
1 40 for receiving the content data distributed from dis- 
tribution server 12. 

[0306] First, user 1 requests the distribution via cellu- 
lar phone 105, e.g., by operating keys or buttons on 
touch key unit 1108 (step S100). 
[0307] The public encryption key held in memory card 
140 is represented as public encryption key KPmedia 
(1) for distinguishing it from public encryption key KP- 
media in another memory card. Further, certificate data 
in memory card 1 40 and cellular phone 1 05 are indicat- 
ed by Crtf(1) and Crtf(p), respectively. 
[0308] In memory card 140, [KPmedia, Crtf]KPmaster 
holding unit 1442 responds to this distribution request 
by outputting data [KPmedia(1), Crtf(1)]KPmaster pre- 
pared by encrypting public encryption key KPmedia(1) 
and certificate data Crtf(1) (step S102'). 
[0309] Cellular phone 105 outputs data [KPmedia(1), 
Crtf(1)]KPmaster applied from memory card 140 as well 
as data [KPp, Crtf (p)] KPmaster applied from [KPp, Crtf] 
KPmaster holding unit 1 525 and the distribution request 
to distribution server 12 (step S103). 
[0310] When distribution server 12 receives the dis- 
tribution request as well as data [KPp, Crtf(p)]KPmaster 
and [KPmedia(1), Crtf (1)] KPmaster transferred from 
memory card 140 (step S104'), decryption processing 
unit 326 decrypts them with public decryption key KP- 
master to extract certificate data Crtf(1 ) and Crtf(p) as 
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well as public encryption key KPp and public encryption 
key KPmedia{1) (step S105). 
[0311] Based on certificate data Crtf(1) and Crtf(p) 
thus decrypted, distribution control unit 312 makes an 
inquiry to distribution server 12. When both certificate 
data Crtf(1 ) and Crtf(p) of the memory card and the cel- 
lular phone are regular certificate data (step S1 06'), the 
processing moves to the next step. When at least one 
of them is not regular data, the processing ends (step 
S154). 

[031 2] When it is determined from the inquiry that the 
data is regular certificate data, distribution server 1 2 pro- 
duces session key Ks from session key generating unit 
314. Further, encryption processing unit 316 in distribu- 
tion server 1 2 encrypts session key Ks to produce en- 
crypted session key [Ks]Kmedia(1) (step S108). 
[031 3] Then , distribution server 1 2 applies encrypted 
session key [Ks]Kmedia(1 ) to data bus BS1 . Communi- 
cation device 350 sends encrypted session key [Ks] 
Kmedia(1), which is applied from encryption processing 
unit 316, over the communication network to memory 
card 140 of cellular phone 105 (step S1 10). 
[0314] When cellular phone 105 receives encrypted 
session key [Ks]Kmedia(1) (step S112), decryption 
processing unit 1404 in memory card 140 decrypts the 
data applied to data bus BS3 via memory interface 1 200 
with private decryption key Kmedia(1) so that session 
key Ks is decrypted and extracted (step S114). 
[0315] In memory card 1400, Ks1 generating unit 
1432 produces session key Ks1 (step S115). 
[031 6] In the distribution mode, since selector switch 
1409 selects the state for successively closing contacts 
Pa and Pb, encryption processing unit 1406 encrypts 
session key Ks1 applied from session key generating 
unit 1432 via contact Pa and public encryption key KP- 
card(1) (public encryption key for memory card 140) ap- 
plied from KPcard(1) holding unit 1405 via contact Pb 
with session key Ks (step S116) to produce data [KP- 
card(1), Ks1]Ks (stepS118). 

[0317] Cellular phone 105 sends data [KPcard(1), 
Ks1 ]Ks encrypted by encryption processing unit 1 406 to 
distribution server 12 (step S120). 
[0318] In distribution server 12. communication de- 
vice 350 receives data [KPcard(1), Ks1]Ks (step S122), 
and decryption processing unit 318 decrypts data [KP- 
card(1), Ks1]Ks applied to data bus BS1 with session 
key Ks to decrypt and extract public encryption key KP- 
card(1) and session key Ks1 (step S124). 
[0319] Then, distribution control unit 312 produces li- 
cense information data License including license ID da- 
ta and others based on the data held in distribution in- 
formation database 304 and others (step S126). 
[0320] Distribution server 1 2 obtains encrypted con- 
tent data [Dc]Kc from distribution information database 
304, and sends it to memory card via communication 
device 350 (step S128). 

[0321] When cellular phone 105 receives encrypted 
content data [Dc]Kc (step S130), memory card 140 



stores encrypted content data [Dc]Kc thus received in 
memory card 1412 as it is (step S132). 
[0322] Distribution server 12 obtains license key Kc 
from distribution information database 304 (step S134), 
5 and encryption processing unit 320 encrypts license key 
Kc and license information data License applied from 
distribution control unit 312 with public encryption key 
KPcard(1) applied from decryption processing unit 318 
(step S1 36). 

w [0323] Encryption processing unit 322 receives data 
[Kc, License]Kcard(1 ) encrypted by encryption process- 
ing unit 320, and encrypts it with session key Ks1 , which 
is applied from memory card 140, for outputting the fur- 
ther encrypted data to data bus BS1 . Communication 

is device 350 sends data [[Kc, License]Kcard(1)]Ks1 en- 
crypted by encryption processing unit 322 to memory 
card 140. 

[0324] When cellular phone 105 receives data [[Kc, 
License]Kcard(1)]Ks1 (step S142), decryption process- 

20 ing unit 1410 in memory card 140 decrypts it with ses- 
sion key Ks1 applied from Ks1 generating unit 1432 via 
contact Pf so that data [Kc, License] Kcard( 1 ) is extract- 
ed and stored in memory 1412 (step S146). 
[0325] In memory card 140, decryption processing 

25 unit 1416 decrypts data [Kc, License] Kcard(1) stored in 
memory 1412 under the control of controller 1 420, and 
stores decrypted license information data License in 
register 1500 (step S148). 

[0326] Through the above described, memory card 
30 1 40 can receive the distributed data after memory card 
140 itself sends public encryption key KPmedia(1) and 
session key Ks1 to the sender side (distribution server 
1 2) of the encrypted content data, and thereby memory 
card 140 can enter the state, in which the music infor- 
ms mation can be reproduced. 

[0327] Further, memory card 1 40 sends a notification 
of distribution acceptance to distribution server 12. 
When distribution server 12 receives this distribution ac- 
ceptance notification (step S150), accounting database 
40 302 stores accounting data of user 1 (step S152), and 
the processing ends (step S154). 
[0328] In the distribution mode described above, the 
content data is distributed after the authentication of the 
memory card and cellular phone. Therefore, security of 
45 the system and the copyright protection are further en- 
hanced. 

[Reproduction Mode] 

so [0329] Figs. 37 and 38 are first and second flowcharts 
representing the reproducing processing performed in 
cellular phone 1 05 for decrypting the encrypted content 
data held in memory card 1 40 to produce music signals 
and output externally the same as music. 

55 [0330] Referring to Figs. 37 and 38, user 1 applies a 
reproduction request to cellular phone 105 via touch key 
unit 1108 or the like of cellular phone 105 (step S200). 
[0331] In response to this, cellular phone 105 sends 
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data [KPp, Crtf(p)]KPmaster to memory card 140 (step 
S241). 

[0332] When memory card 140 receives data [KPp, 
Crtf(p)]KPmaster, decryption processing unit 1452 per- 
forms the decryption to extract public encryption key 5 
KPp and data Crtf (step S243). 
[0333] Based on extracted certificate data Crtf, con- 
troller 1420 determines whether cellular phone 105 is a 
regular device or not (step S245). When it is a regular 
device, the processing moves to a next step S246. JO 
When it is not regular, the processing ends (step S280). 
[0334] When it is determined that cellular phone 1 05 
is a regular device, memory card 140 produces session 
key Ks1 (step S246). Memory card 140 further encrypts 
session key Ks1 with extracted public encryption key is 
KPp (step S248), and sends encrypted session key 
[Ks1]Kp thus produced to cellular phone 105 (step 
S250). 

[0335] When cellular phone 1 05 receives encrypted 
session key [Ks1 ]Kp from memory card 1 40, decryption 20 
processing unit 1522 decrypts it with private decryption 
key Kp to extract session key Ks1 produced by memory 
card 140 (step S252). Then, Ks generating unit 1502 
produces session key Ks (step S253), and encryption 
processing unit 1 504 in cellular phone 1 05 encrypts ses- 25 
sion key Ks produced by cellular phone 1 05 with session 
key Ks1 to produce encrypted session key [Ks]Ks1 (step 
S254) and send it to memory card 140 (step S256). 
[0336] Memory card 140 receives session key Ks, 
which was produced and encrypted by cellular phone 30 
1 05, via data bus BS2, and decrypts it with session key 
Ks1 to extract session key Ks, which was produced by 
cellular, phone 105 (step S258). 
[0337] Subsequently, controller 1 420 in memory card 
140 determines the reproducibility based on license in- 35 
formation data License held by register 1500 (step 

5259) . When it is reproducible, the processing moves 
to the next step. When it is not reproducible, the 
processing ends (step S280). 

[0338] In memory card 140, encrypted data [Kc, Li- *o 
cense]Kcard(1) is read out from memory 1412, and is 
decrypted by decryption processing unit 1416 (step 

5260) . 

[0339] When the data read from memory 1 41 2 is de- 
codable with private decryption key Kcard(1) (step 
S262), license key Kc is extracted (step S264). When it 
is not decodable, the processing ends (step S280). 
[0340] When data read from memory 1 41 2 is decoda- 
ble, processing is performed to change the data, which 
is contained in license information data License in reg- so 
ister 1500, and is related to the reproduction times (step 
S266). 

[0341] In memory card 140, encryption processing 
unit 1406 then encrypts license key Kc with extracted 
session key Ks (step S268), and applies encrypted li- 55 
cense key [Kc]Ks to data bus BS2 (step S270). 
[0342] Decryption processing unit 1506 in cellular 
phone 105 performs the decryption with session key Ks 



to obtain license key Kc (step S272). 
[0343] Then, memory card 140 reads out encrypted 
content data [Dc]Kc from memory 1412, and applies it 
to data bus BS2 (step S274). 
[0344] Audio decoding unit 1 508 in cellular phone 1 05 
decrypts encrypted content data [Dc]Kc with extracted 
license key Kc to produce plaintext content data (step 
S276), and reproduces music signals from the content 
data for applying them to mixing unit 1 51 0 (step S276). 
Digital-to-analog converter 1512 converts the data re- 
ceived from mixing unit 1510, and externally outputs the 
reproduced music. Then, the processing ends (step 
S232). 

[0345] Owing to the above structures, the memory 
card itself and the cellular phone itself produce session 
keys Ks1 and Ks, respectively, and the reproduction can 
be performed after the encrypted data is transmitted us- 
ing these keys. 

[0346] Further, the reproduction is performed after 
memory card 1 40 authenticates cellular phone 1 05. This 
improves the security of the system and the copyright 
protection. 

(Transfer Mode or Duplication Mode] 

[0347] Figs. 39 and 40 are first and second flowcharts 
representing the transfer or duplication of the content 
data, key data and others between two memory cards. 
[0348] It is assumed that a cellular phone 1 06 having 
substantially the same structure as cellular phone 105 
is on the sender side, and cellular phone 105 is on the 
receiver side. A memory card 142 having substantially 
the same structure as memory card 140 is attached to 
cellular phone 106. 

[0349] Cellular phone 1 06 first outputs a transfer re- 
quest or a duplication request to cellular phone 105 
(step S300). 

[0350] When cellular phone 1 05 receives this request 
(step S301), memory card 142 reads out encrypted con- 
tent data [Dc]Kc corresponding to this request from 
memory 1412, and outputs it to memory card 140 (step 
S302). Memory card 1 40 stores encrypted content data 
[Dc]Kc in memory 1412 (step S304). 
[0351] In cellular phones 106 and 105, it is then de- 
termined whether the request applied in step S300 is a 
"transfer request" or a "duplication req uest" (steps S306 
and S306'). When it is a "transfer request", memory card 
1 40 responds to this transfer request by outputting data 
[KPmedia(1), Crtf(1)]KPmaster, which is prepared by 
encrypting public encryption key KPmedia(1 ) and certif- 
icate data Crtf(1), from [KPmedia, Crtf]KPmaster hold- 
ing unit 1442 to cellular phone 105 (step S307). 
[0352] Cellular phone 105 sends data [KPmedia(1), 
Crtf(1)]KPmaster received from memory card 140 to cel- 
lular phone 106 (step S30S). 

[0353] In cellular phone 1 06, when data [KPmedia(1 ), 
Crtf(1)]KPmaster transferred from memory card 140 is 
received (step S309), decryption processing unit 1452 
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in memory card 1 42 decrypts it to extract certificate data 
Crtf(1) and public encryption key KPmedia(1) (step 
S310). 

[0354] Based on decrypted certificate data Crtf{1), 
controller 1420 performs the authentication. When it is 
determined that the access is made from a regular mem- 
ory card (step S311), the processing moves to a next 
step. When it is not a regular card, cellular phone 106 
notifies that the transfer is not allowed, and memory card 
142 ends the processing (step S374). When cellular 
phone 105 receives the notification that the transfer is 
not allowed (step S313), memory card 140 ends the 
processing (step S374). 

[0355] When it is determined in step S31 1 that the ac- 
cess is made from the regular memory card, Ks2 gen- 
erating unit 1432 of memory card 142 produces session 
key Ks2 (step S3 14), and encryption processing unit 
1430 encrypts session key Ks2 with public encryption 
key KPmedia(1) (step S315). 

[0356] Cellular phone 106 sends encrypted session 
key [Ks2]KPmedia(1 ) to cellular phone 1 05 (step S31 6). 
Cellular phone 105 receives encrypted session key 
[Ks2]KPmedia(1) (step S318), and transmits it to mem- 
ory card 1 40. Memory card 1 40 decrypts it by decryption 
processing unit 1404, and accepts session key Ks2 
(step S320). Further, session key Ks1 is produced in 
memory card 140 (step S321). 
[0357] In memory card 1 40, public encryption key KP- 
card(1) and session key Ks1 of memory card 140 are 
encrypted with session key Ks2 (step S322), and en- 
crypted data [KPcard(1), Ks1]Ks2 is sent from cellular 
phone 105 to cellular phone 106 (step S324). Cellular 
phone 106 receives data [KPcard(1), Ks1]Ks2 (step 
S326), and transfers it to memory card 142. 
[0358] In memory card 142, decryption processing 
unit 1410 decrypts encrypted data [KPcard(1), Ks1]Ks2 
sent from memory card 140 with session key Ks2 to ex- 
tract public encryption key KPcard(1) and session key 
Ks1 of memory card 140 in the decrypted form (step 
S330). 

[0359] In memory card 142, data [Kc, LicenseJKcard 
(2) corresponding to license key Kc and license infor- 
mation data License, which are encrypted with public 
encryption key KPcard(2) of memory card 142, is read 
out from memory 1412 (step S332). 
[0360] Then, decryption processing unit 1416 de- 
crypts license key Kc and license information data Li- 
cense with private decryption key Kcard(2) (step S334). 
[0361] Controller 1420 of memory card 142 substi- 
tutes a value of license information data License thus 
decrypted for a data value in register 1500 (step S336). 
[0362] Further, encryption processing unit 1414 of 
memory card 142 encrypts license key Kc and license 
information data License with public encryption key KP- 
card(1) of memory card 140 extracted by decryption 
processing unit 1410 (step S338). 
[0363] The data encrypted by encryption processing 
unit 1414 in memory card 142 is further applied to en- 



cryption processing unit 1406 via selector switch 1409 
having contact Pd in the closed position, and encryption 
processing unit 1 406 of memory card 1 42 encrypts data 
[Kc, License]Kcard{1) with session key Ks1 to produce 

5 data [[Kc, License]Kcard(1 )]Ks1 (step S340). 

[0364] Then, memory card 1 42 outputs data [[Kc, Li- 
cense]Kcard(1)]Ks1 to cellular phone 106 (step S342), 
and cellular phone 1 06 sends data [[Kc, License]Kcard 
(1)]Ks1 to cellular phone 105 (step S344). 

10 [0365] Cellular phone 105 receives data [[Kc, Li- 
cense]Kcard(1)]Ks1 (step S346), and transmits it to 
memory card 140. Decryption processing unit 1410 of 
memory card 140 decrypts encrypted data [[Kc, Li- 
cense]Kcard(1)]Ks1 to accept data [Kc, LicenseJKcard 

is (1)(stepS348). 

[0366] In memory card 140, data [Kc, LicenseJKcard 
(1) decrypted by decryption processing unit 1410 based 
on session key Ks1 is stored in memory 1412 (step 
S350). In memory card 140, decryption processing unit 

20 1416 decrypts data [Kc, License] Kcard(1 ) based on pri- 
vate decryption key Kcard(1), and decrypted license in- 
formation data License is stored in register 1500 (step 
S352). 

[0367] After the above processing, the processing in 

25 the transfer mode as well as the processing of memory 
cards 140 and 142 in the duplication mode are per- 
formed similarly to those of memory cards 120 and 122 
of the second embodiment, which are already described 
with reference to Figs. 1 8 and 1 9. Therefore, description 

30 thereof is not repeated. 

[0368] Owing to the above structure, each of the 
memory cards of the sender and the receiver produces 
the session key by itself, and thereby the transfer oper- 
ation and the duplication operation are allowed. 

35 [0369] Accordingly, the encryption key of the data 
transmitted on the data bus and others is uniqueto every 
session and every device so that the security of data 
transmission is further improved. 
[0370] Owing to the above structure, data transfer 

40 from memory card 1 42 to memory card 1 40 can be per- 
formed without using the cellular phone terminal having 
session key generating circuit 1502 described above, 
but with the interface device, which can connects the 
memory cards to each other. This further improves the 

45 convenience of the user. 

[0371] In the transfer mode, the license information 
data, which is contained in the reproduction information 
for restricting the times of reproduction, is updated by 
changing the license information data recorded in mem- 

so ory 1 41 2 into the license information data recording the 
times of reproduction, which were corrected upon every 
reproduction by register 1500. In this manner, even 
when the content data moves between the memory 
cards, such a control can be performed that the times 

55 of reproduction of the content data, of which reproduc- 
tion is allowed only restricted times, do not exceed the 
reproduction times determined at the time of distribu- 
tion. 
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[0372] Further, the transfer operation is performed af- 
ter memory card 142 authenticates memory card 140 
so that the system security and the copy right protection, 
are improved. 

[Sixth Embodiment] 

[0373] Fig. 41 is a schematic block diagram showing 
a structure of content data vending machine 3010 of a 
sixth embodiment of the invention, and corresponds to 
Fig. 27 showing the fourth embodiment. 
[0374] In the following description, a memory slot 
2030 for interface to memory card 140 already de- 
scribed in connection with the fifth embodiment is em- 
ployed, and memory card 1 40 and content data vending 
machine 301 0 can directly transmit the data to and from 
each other without interposing cellular phone 105 ther- 
ebetween, as can be done in the modification of the 
fourth embodiment. 

[0375] Naturally, such a structure may be employed 
that connector 201 0 is used for transmitting the data be- 
tween memory card 140 and content data vending ma- 
chine 3010 via cellular phone 105. 
[0376] Accordingly, the structure of content data 
vending machine 3010 differs from the structure of con- 
tent data vending machine 3000 of the fourth embodi- 
ment in that memory slot 2030 is employed instead of 
connector 2010, and data processing unit 2100 further 
includes a KPmaster holding unit 324 for holding public 
decryption key KPmaster and decryption processing 
unit 326 for decrypting the data, which is applied to data 
bus BS1 via communication device 350 and the com- 
munication network, based on public decryption key KP- 
master output from KPmaster holding unit 324. Encryp- 
tion processing unit 316 encrypts session key Ks gen- 
erated by Ks generating unit 314 with public encryption 
key KPmedia, which is extracted by the decrypting 
processing of decryption processing unit 326. Based on 
certificate data Crtf extracted by the decrypting process- 
ing of decryption processing unit 326, distribution con- 
trol unit 312 determines whether the memory card re- 
questing the distribution is a regular memory card or not. 
[0377] Structures of content data vending machine 
3010 other than the above are substantially the same 
as those of content data vending machine 3000 shown 
in Fig. 27. The same portions bear the same reference 
numbers, and description thereof is not repeated. 

[Distribution Mode] 

[0378] Figs. 42 and 43 are first and second flowcharts 
representing the distribution operation in the data distri- 
bution system using content data vending machine 
3010 already described with reference to Fig. 41 . 
[0379] Figs. 42 and 43 represent operations, in which 
user 1 uses memory card 140 for receiving the content 
data (music data) distributed from content data vending 
machine 3010. 



[0380] First, the user applies the distribution request, 
e.g., by operating keys or buttons on keyboard 2004 of 
content data vending machine 3010 (step S500). 
[0381 ] Content data vending machine 301 0 outputs a 
request for sending data [KPmedia, Crtf]KPmaster for 
authentication to memory card 140 (step S502'). 
[0382] In response to this request for sending, [KP- 
media, Crtf]KPmaster holding unit 1442 in memory card 
1 40 outputs data [KPmedia(1 ), Crtf(1 )]KPmaster, which 
is prepared by encrypting public encryption key KPme- 
dta(1) and certificate data Crtf (1), to content data vend- 
ing machine 3010 (step S507), 
[0383] When content data vending machine 301 0 re- 
ceives data [KPmedia(1), Crtf(1)]KPmaster transferred 
from memory card 140, decryption processing unit 326 
decrypts it with public decryption key KPmaster to ex- 
tract certificate data Crtf(1), public encryption key KPp 
and public encryption key KPmedia(1) (step S509). 
[0384] Based on decoded certificate data Crtf(1 ), dis- 
tribution control unit 31 2 determines whetherthe access 
is made by a regular memory card or not. When the reg- 
ular card is used (step S511), the processing moves to 
the next step. When the regular memory card is not 
used, record of abnormal ending is stored in the admin- 
istration database of administration server 2200 (step 
S561), and the processing ends (step S562). 
[0385] When content data vending machine 301 0 de- 
termines in step S511 that the regular card is used, dis- 
play 2002 displays a message or the like requesting coin 
dropping, and the charge is collected (step S512). 
[0386] Then, session key generating unit 314 in con- 
tent data vending machine 3010 produces session key 
Ks. In content data vending machine 3010, encryption 
processing unit 316 encrypts session key Ks with re- 
ceived public encryption key KPmedia(1 ) to produce en- 
crypted session key [Ks]Kmedia(1) (step S514). 
[0387] Then, content data vending machine 3000 ap- 
plies encrypted session key [Ks]Kmedia(1) to data bus 
BS1 , and outputs it from card slot 2030 (step S516). 
[0388] In memory card 140, decryption processing 
unit 1 404 decrypts encrypted session key [KsJKmedia 
(1 ), which is applied via interface 1 200 to data bus BS3, 
with private decryption key Kmedia(1 ) to extract session 
key Ks in the decrypted form (step S520). Further, ses- 
sion key Ks1 is produced in memory card 140 (step 
S521). 

[0389] In the distribution mode, selector switch 1408 
is in the state closing contact Pa so that encryption 
processing unit 1406 encrypts public encryption key KP- 
card(1) applied from KPcard(1) holding unit 1405 via 
contact Pa with session key Ks (step S522) to produce 
data [KPcard(1)]Ks (step S524). 
[0390] In content data vending machine 3010, data 
[KPcard(1)]Ks is received via card slot 2030 (step 
S528), and decryption processing unit 31 8 decrypts da- 
ta [KPcard(1)]Ks applied to data bus BS1 with session 
key Ks to extract public encryption key KPcard(1) in the 
decrypted form (step S530). 
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[0391] Then, distribution control unit 312 produces li- 
cense information data License containing license ID 
data and others based on the data held in distribution 
information database 304 and others (step S532). 
[0392] Content data vending machine 3010 obtains 
encrypted content data [Dc]Kc from distribution informa- 
tion database 304, and sends it to memory card 140 via 
card slot 2030 (step S534). 

[0393] Memory card 1 40 receives and stores encrypt- 
ed content data [Dc]Kc in memory 1412 as it is (step 
S538). 

[0394] Content data vending machine 301 0 obtains li- 
cense key Kc from distribution information database 304 
(step S540), and encryption processing unit 320 en- 
crypts license key Kc and license information data Li- 
cense sent from distribution control unit 31 2 with public 
encryption key KPcard(1) applied from decryption 
processing unit 318 (step S542). 
[0395] Encryption processing unit 322 receives data 
[Kc, License]Kcard(1 ) encrypted by encryption process- 
ing unit 320, and further encrypts it with session key Ks1 
to apply data [[Kc, License]Kcard(1)]Ks1 to data bus 
BS1 so that data [[Kc, License]Kcard(1)]Ks1 thus en- 
crypted by encryption processing unit 322 is sent to 
memory card 140 (step S546). 
[0396] In memory card 1410, decryption processing 
unit 1410 decrypts dataQKc, License]Kcard(1)]Ks1 with 
session key Ks1 to extract and store data [Kc, License] 
Kcard(1) in memory 1412 (step S552). 
[0397] Further, in memory card 140, decryption 
processing unit 1416 controlled by controller 1420 de- 
crypts data [Kc, License]Kcard(1) stored in memory 
1412, and stores decrypted license information data Li- 
cense in register 1500 (step S554). 
[0398] By the operations described above, memory 
card 140 enters the state, in which the music can be 
produced from the content data. 
[0399] Further, memory card 1 40 sends a notification 
of distribution acceptance to content data vending ma- 
chine 3010 (step S558). When content data vending 
machine 3010 receives the distribution acceptance, a 
sales record is sent to the administration database in 
administration server 2200 (step S560), and the 
processing ends (step S562). 
[0400] Owing to the structures described above, the 
user can receive more easily the distributed content da- 
ta such as music data in the encrypted form. Further, 
the content data is distributed after the authentication of 
the memory card. Therefore, the system security and 
the copyright protection are further enhanced. 

[Seventh Embodiment] 

[0401] Fig. 44 is a schematic block diagram showing 
a structure of a cellular phone 107 of the seventh em- 
bodiment. 

[0402] Cellular phone 107 in Fig. 44 differs from cel- 
lular phone 105 of the fifth embodiment shown in Fig. 



32 in that cellular phone 107 includes a Kcom holding 
unit 1 530 for holding a decryption key Kcom common to 
reproduction devices (i.e., cellular phones), and a de- 
cryption processing unit 1532, which receives the output 
5 of decryption processing unit 1506, performs the de- 
cryption with decryption key Kcom, and applies license 
key Kc to audio decoding unit 1508. 
[0403] Structures of cellular phone 107 other than the 
above are substantially the same as those of cellular 
10 phone 1 05 of the fifth embodiment shown in Fig. 32. The 
same portions bear the same reference numbers, and 
description thereof is not repeated. Memory card 140 
has substantially the same structure. 
[0404] Thus, the structures in the seventh embodi- 
es ment are substantially the same as those of the fifth em- 
bodiment except for that license key Kc transmitted be- 
tween the devices forming the system takes the further 
encrypted form of [Kc]Kcom before license key Kc is fi- 
nally applied to audio decoding unit 1 508 in the seventh 
20 embodiment. 

[0405] In the following description, it is assumed that 
decryption key Kcom is a common key. However, the 
invention is not restricted to this. For example, such a 
structure may be employed that encryption is performed 
25 with public key KPcom, and decryption is performed with 
private decryption key Kcom asymmetrical to public en- 
cryption key KPcom. 

[0406] Fig. 45 is a schematic block diagram showing 
a structure of a distribution server 13 corresponding to 

30 cellular phone 107 in the seventh embodiment. The 
structure of distribution server 13 differs from the struc- 
ture of distribution server 12 of the fifth embodiment 
shown in Fig. 33 in that data processing unit 31 0 further 
includes a Kcom holding unit 330 holding decryption key 

35 Kcom, and an encryption processing unit 332, which de- 
crypts license key Kc applied from distribution informa- 
tion database 304 via distribution control unit 312 with 
decryption key Kcom to produce and apply an encrypted 
license key [Kc]Kcom to encryption processing unit 320. 

40 [0407] Structures of distribution server 13 other than 
the above are substantially the same as those of distri- 
bution server 12 of the fifth embodiment shown in Fig. 
33. The same portions bear the same reference num- 
bers, and description thereof is not repeated. 

45 

[Distribution Mode] 

[0408] Figs. 46 and 47 are first and second flowcharts 
representing the distribution mode using distribution 
so server 1 3 and cellular phone 1 07 already described with 
reference to Figs. 44 and 45. 

[0409] Figs. 46 and 47 likewise represent operations, 
in which user 1 uses memory card 140 for receiving the 
content data (music data) distributed from distribution 
55 server 13. 

[0410] However, the processing shown in Figs. 46 
and 47 is substantially the same as the processing in 
the distribution mode of the fifth embodiment shown in 
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Figs. 35 and 36 except for that distribution server 1 3 ob- 
tains license key Kc from distribution information data- 
base 304 in step S314, and then key Kc is encrypted by 
encryption processing unit 322 (step S135), and will be 
transmitted as encrypted license key [Kc]Kcom. There- 
fore, description thereof is not repeated. 
[041 1 ] The distribution mode described above further 
enhances the system security, as compared with the 
fifth embodiment. 

[Reproducing Operation] 

[041 2] Figs. 48 and 49 are first and second flowcharts 
representing the reproducing operation, in which music 
signals are reproduced from encrypted content data 
held in memory card 1 40 of cellular phone 1 07, and are 
externally output as music. 

[041 3] However, the reproducing operations shown in 
Figs. 48 and 49 are the same as the reproducing oper- 
ations of the fifth embodiment shown in Figs. 37 and 38 
in that the key read in step S264 from memory 1412 of 
memory card 140 is encrypted license key [Kc]Kcom, 
and is transmitted as encrypted license key [Kc]Kcom 
to cellular phone 107, and decryption processing unit 
1532 in cellular phone 107 decrypts key [Kc]Kcom in 
step S273 to produce and output license key Kc to audio 
decoding unit 1508. Therefore, description of the same 
operations is not repeated. 

[0414] Owing to the above structure, the system se- 
curity and the copyright protection are further improved 
in the reproduction mode. 

[Transfer or Duplication Mode] 

[0415] Figs. 50 and 51 are first and second flowcharts 
representing the processing of transferring or duplicat- 
ing the content data, key data and others between two 
memory cards in the seventh embodiment. 
[0416] The operations in Figs. 50 and 51 are substan- 
tially the same as those in the transfer or duplication 
mode of the fifth embodiment already described with ref- 
erence to Figs. 39 and 40 except for that license key Kc 
is transmitted as encrypted license key [Kc]Kcom. 
Therefore, description thereof is not repeated. 
[0417] The above structure further improves the sys- 
tem security and copyright protection in the transfer and 
duplication mode. 

[Eighth Embodiment] 

[0418] Fig. 52 is a schematic block diagram showing 
a structure of a content data vending machine 3020 of 
an eighth embodiment of the invention, and corre- 
sponds to Fig. 41 showing the sixth embodiment. 
[0419] The structure of content data vending machine 
3020 differs from the structure of content data vending 
machine 3010 of the sixth embodiment in that data 
processing unit 21 00 further includes Kcom holding unit 



330 holding decryption key Kcom, and encryption 
processing unit 332, which encrypts license key Kc ap- 
plied from distribution information database 304 via dis- 
tribution control unit 312 with decryption key Kcom, and 
5 applies encrypted license key [Kc]Kcom to encryption 
processing unit 320. 

[0420] Structures of content data vending machine 
3020 other than the above are substantially the same 
as those of content data vending machine 3010 of the 
10 sixth embodiment shown in Fig. 41 . The same portions 
bear the same reference numbers, and description 
thereof is not repeated. 

[0421] Naturally, the eighth embodiment can employ 
the structure, in which connector 2010 is used for trans- 
15 mitting data between memory card 1 40 and content data 
vending machine 3020 via cellular phone 1 07. 

[Distribution Mode] 

20 [0422] Figs. 53 and 54 are first and second flowcharts 
representing the distribution mode in the data distribu- 
tion system, which uses content data vending machine 
3020 already described with reference to Fig. 52. 
[0423] Figs. 53 and 54 represent operations, in which 

25 user 1 uses memory card 1 40 for receiving the content 
data (music data) distributed from content data vending 
machine 3020. 

[0424] However, the processing shown in Figs, 53 
and 54 is substantially the same as the processing in 

30 the distribution mode of the fifth embodiment shown in 
Figs. 42 and 43 except for that content data vending ma- 
chine 3020 obtains license key Kc from distribution in- 
formation database 304 in step S540, and then encryp- 
tion processing unit 322 encrypts license key Kc (step 

35 S541) for transmitting it as encrypted license key [Kc] 
Kcom thereafter. Therefore, description thereof is not re- 
peated. 

[0425] The distribution mode described above further 
enhances the system security, as compared with the 

40 sixth embodiment. 

[0426] In the above description, the encrypted content 
data is distributed and stored in memory 1412 of mem- 
ory card 110, 120 or 140, and then license key Kc and 
license information data License are received. In con- 

45 trast to the above, such a manner may be employed that 
the encrypted content data is distributed and received 
after license key Kc and license information data Li- 
cense are distributed and stored in register 1500 of 
memory card 110, 1 20 or 1 40. 

so [0427] In the transfer mode, any one of the encrypted 
content data, license key Kc and license information da- 
ta License can be transferred prior to the others, simi- 
larly to the distribution mode. 
[0428] In the embodiments described above, addi- 

55 tional data Di may be distributed as a part of the distrib- 
uted data together with the encrypted content data. This 
additional data Di maybe non-encrypted data appended 
to the content data, and may be, for example, copyright 
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information related to the music data (content data) such 
as title of a tune of the music data and names of a per- 
former (e.g., singer or player), a composer and/or a lyric 
writer, and/or information for accessing distribution serv- 
er 10 or 11, or content data vending machine 3000 or 5 
3001 . Additional data Di is stored in memory 1 41 2 such 
that additional data Di can be processed together with 
the content data in the distribution, transfer and dupli- 
cation operations, and is separated from the content da- 
ta for allowing independent access in the reproducing 
operation. 

[Ninth Embodiment] 

[0429] Fig. 55 is a schematic block diagram showing 
a structure of terminal 1202 of memory card 110, 120, 
140 or the like described above. 
[0430] It is assumed that the structure of terminal 
1202 in Fig. 55 is employed in memory card 140. 
[0431 ] Memory card 1 40 is serially supplied with data 
and commands from terminal 1202. In contrast to this, 
it is assumed that the data and commands are transmit- 
ted in parallel to data bus BS3 in memory card 140. 
[0432] Fig. 55 is a schematic block diagram showing 
a structure for performing serial-to-parallel conversion 
of data for input to memory card 1 40 and parallel-to-se- 
rial conversion of data for output. 
[0433] A data pin 1460 in terminal 1202 is supplied 
with a signal CS, which is a signal for instructing timing 
of input and output of data. For example, data applied 
to a data input pin 1462 attains L-level when a prede- 
termined period expires after signal CS becomes active 
(L-level), whereby the timing of data input is detected. 
Similarly, the data output to a data output pin 1464 at- 
tains L-level when a predetermined period expires after 
activation (L-level) of signal CS, whereby the timing of 
data output is detected. An interface controller 1490 
controls external input of data via data bus BS3 to mem- 
ory card 140, and also controls external output of data 
via data bus BS3 from memory card 1 40. 
[0434] In the data input operation, data applied to data 
input pin 1462 is input via buffer 1468 to D-flip-flops 
1470.0 - 14707 connected in tandem. When eight bits 
of data are input, data of all D-flip-flops 1470.0 - 1470.7 
are updated. At this point in time, data are output in par- 
allel to data bus BS3 from data buffers 1427.0 - 1427.7 
under the control of interface controller 1490. 
[0435] At the time of data output, data are given in 
parallel from data bus BS3 via multiplexers 1476.1 - 
1476.7, and are stored in D-flip-flops 1474.0 - 1474.7. 
Thereafter, connection of multiplexers 1476.1 - 1476.7 
is changed under the control of interface controller 1 490 
to connect D-flip-flops 1 474.0 - 1 474.7 in tandem. In this 
state, data stored in respective D-flip-flops 1474.0 - 
14747 is serially output from data output pin 1464 via 
an output buffer 1470 controlled by interface controller 
1490. 



[Modification of the Ninth Embodiment] 

[0436] Fig. 56 is a schematic block diagram showing 
a modification of the structure of terminal 1 202 of mem- 
ory card 140, and particularly showing a structure, in 
which the data input pin(s) can be changed in number 
from one to two or four for improving the data input 
speed. 

[0437] The structure of this modification differs from 
the structure shown in Fig. 55 in that the structure in Fig. 
56 includes four data input pins 1462.0 - 1462.3 as well 
as corresponding input buffers 1468.0 - 1468.3. Further, 
the structure in Fig. 56 includes a multiplexer 1467 for 
transmitting commands, which are applied to data input 
pins 1 462.0 - 1 462.3, from input buffers 1 468.0 - 1 468.3 
to interface controller 1490, and multiplexers 1469.1 - 
14697 for selectively applying data or commands, 
which are applied to data input pins 1462.0 - 1462.3, 
from input buffers 1468.0 - 1468.3 to D-flip-flops 1470.0 
-1470.7. 

[0438] Operations will now be described briefly. 
[0439] After the power-on, memory card 140 first en- 
ters the state for receiving data only from one data input 
pin 1462.0. 

[0440] In the following description, it is assumed that 
interface controller 1490 controls multiplexers 1469.1 - 
14697 in accordance with a command, which is exter- 
nally applied via data input pins 1462.0 - 1462.3 and 
multiplexer 1 467 to interface controller 1 490, and there- 
by the operation mode changes into a mode for receiv- 
ing data in parallel via four data input pins 1462.0 - 
1462.3. 

[0441] Data applied to four data input pins 1462.0 - 
1462.3 in accordance with first timing is applied to D- 
flip-flops 1470.0 - 1470.3 via multiplexers 1469.1 - 
1469.3, respectively. 

[0442] In accordance with second timing, connection 
of multiplexers 1469.1 - 14697 changes so that the out- 
puts of D-flip-flops 1470.0 - 1470.3 are applied to D-flip- 
flops 1470.4 - 1470.7 for storing. In accordance with 
third timing, data applied to four data input pins 1462.0 
- 1462.3 is applied via multiplexers 1469.1 - 1469.3 to 
D-flip-flops 1470.0-1470.3. 

[0443] By the above operations, eight bits of data are 
completely stored in D-flip-flops 1470.0 - 1470.7. There- 
after, eight bits of data are applied in parallel to data bus 
BS3, similarly to the operations shown in Fig. 55. 
[0444] Operations for data output are performed sim- 
ilarly to that of the structure shown in Fig. 55. 
[0445] Owing to the structure described above, it is 
possible to reduce a time required for data distribution, 
and particularly for operations of distributing data to 
memory card 1 40 for purchasing content data from con- 
tent data vending machine 2000 or the like. 
[0446] For some of the embodiments described 
above, description has been given on the processing of 
transferring content data between two memory cards, 
which are attached to two cellular phones, respectively, 
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by utilizing, e.g., a transceiver mode of PHSs. In these 
embodiments utilizing the transceiver mode or the like, 
structures are not restricted to those already described, 
and two memory cards may be simultaneously attached 
to one cellular phone, if allowed, for transferring the con- 5 
tent data between the two memory cards on the same 
cellular phone. The transfer of the content data in this 
case can be performed substantially in the same man- 
ner as those in the various embodiments already de- 
scribed except for the transmission between the two eel- w 
lular phones is eliminated. 

[0447] In the respective embodiments already de- 
scribed, memory 1412 stores license key Kc in the en- 
crypted form. However, register 1500 may store license 
key Kc in a decrypted plaintext form. This is allowed be- 
cause register 1500 is arranged within theTRM region, 
and license key Kc cannot be read out from an external 
region. 

[0448] In the respective embodiments already de- 
scribed, encrypted content data [Dc]Kc and license key 20 
Kc are stored in the memory card releasably attached 
to cellular phone 1 00 or the like. However, a circuit hav- 
ing a function similar to that of the memory card may be 
incorporated into a cellular phone. In this case, the keys 
are not defined corresponding to the respective types of 25 
memory cards and the respective memory cards, but 
are defined corresponding to the respective types of the 
incorporated circuits and corresponding to the respec- 
tive incorporated circuits. 

[0449] Although the present invention has been de- 30 
scribed and illustrated in detail, it is clearly understood 
that the same is by way of illustration and example only 
and is not to be taken by way of limitation, the spirit and 
scope of the present invention being limited only by the 
terms of the appended claims. 35 



Claims 

1 . A data distribution system for distributing encrypted *o 
content data to each of terminals of a plurality of 
users from a content data supply device, compris- 
ing: 

a first interface unit (350) for externally trans- 
mitting data; 

a first session key generating unit (31 4) for pro- 
ducing a first symmetric key to be updated in 
response to every transmission of said encrypt- 
ed content data; so 
a session key encryption processing unit (316) 
for encrypting said first symmetric key with a 
first public encryption key predetermined cor- 
responding to said user's terminal, and apply- 
ing the encrypted first symmetric key to said 55 
first interface unit; 

a session key decrypting unit (31 8) for decrypt- 
ing returned data encrypted with said first sym- 



metric key; 

a first license data encryption processing unit 
(320) for encrypting a license key for decrypting 
said encrypted content data using, as key data, 
the data decrypted by said session key decrypt- 
ing unit; and 

a second license data encryption processing 
unit (322) for further encrypting an output of 
said first license data encryption processing 
unit with a second symmetric key, and applying 
the encrypted output to said first interface unit 
for distribution, wherein 

each of said terminals (100) includes: 

a second interface unit for externally transmit- 
ting the data, and 

a distributed data decoding unit (1 1 0) for receiv- 
ing and storing said encrypted content data; 
and 

said distributed data decoding unit includes: 

a first key holding unit (1402) for holding a 
first private decryption key for decrypting 
the data encrypted by said first public en- 
cryption key, 

a first decryption processing unit (1404) for 
receiving and decrypting said first symmet- 
ric key encrypted with said first public en- 
cryption key, 

a second key holding unit (1405) for hold- 
ing a second public encryption key, 
a first encryption processing unit (1406) for 
encrypting said second public encryption 
key based on said first symmetric key, and 
outputting the encrypted second public en- 
cryption key to said second interface unit, 
a second decryption processing unit 
(1410) for receiving the license key en- 
crypted by said second license data en- 
cryption processing unit, and decrypting 
the received license key based on said 
second symmetric key, 
a first memory unit (1412) for storing said 
encrypted content data allowing decryption 
based on said license key, 
a third key holding unit (1415) for holding 
a second private decryption key for de- 
crypting the data encrypted with said sec- 
ond public encryption key. and 
a third decryption processing unit (1416) 
for decrypting said license key with said 
second private decryption key based on a 
result of the decryption by said second de- 
cryption processing unit. 



The data distribution system according to claim 1 , 
wherein 
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said distributed data decoding unit is a mem- 
ory card releasably attached to said terminal, 

said first private decryption key is predeter- 
mined depending on the type of said memory card, 
and 

said second private decryption key is unique 
to each of said memory cards. 

3. The data distribution system according to claim 1 , 
wherein 

said first private decryption key is predeter- 
mined in advance depending on a type of said dis- 
tributed data decoding unit, and 

said second private decryption key is unique 
to said distributed data decoding unit. 

4. The data distribution system according to claim 2, 
wherein 

said second and third decryption processing 
units receive license information data encrypted by 
said content data supply device with said second 
public encryption key, further decrypted with said 
second symmetric key and distributed together with 
said license key via said second interface unit, and 
decrypts the received license information data with 
said second symmetric key and said second private 
decryption key; and 

said distributed data decoding unit further in- 
cludes a second memory unit (1 500) for storing said 
decrypted license information data. 

5. The data distribution system according to claim 4, 
wherein 

said second memory unit further stores said 
license key decrypted by said third decryption 
processing unit. 

6. The data distribution system according to claim 4, 
wherein 

said first symmetric key and said second sym- 
metric key have the same key data produced by 
said first session key generating unit at the time of 
communication of said encrypted content data. 

7. The data distribution system according to claim 6, 
wherein 

said distributed data decoding unit further in- 
cludes a control unit for determining reproducibility 
based on the license information data stored in said 
second memory unit in response to the externally 
instructed reproducing operation mode, and con- 
trolling the operations of said distributed data de- 
coding unit; 

said first encryption processing unit is control- 
led by said control unit to receive said license key 
from said third decryption processing unit in re- 
sponse to the instruction of the reproducing opera- 
tion of said content data, and encrypt the received 



license key with a third symmetric key for output; 

said first memory unit is controlled by said 
control unit to output said encrypted content data in 
response to the instruction of the reproducing oper- 
5 ation of said content data; and 

each of said terminals further includes: 

a second session key generating unit (1 502) for 
producing said third symmetric key to be updat- 

10 ed in response to every transmission of said en- 

crypted content data, and 
a content data reproducing unit (1506, 1508) 
operating to receive, decrypt and extract said 
license key encrypted with said third symmetric 

'5 key applied from said distributed data encrypt- 

ing unit, and operating to decrypt and repro- 
duce said encrypted content data output from 
said first memory unit with said license key. 

20 8. The data distribution system according to claim 7, 
wherein 

said distributed data decoding unit includes: 

a control unit (1420) for controlling an operation 
25 of said distributed data decoding unit in accord- 

ance with a transfer operation mode for trans- 
ferring said encrypted content data and said li- 
cense information data to externally designated 
another terminal, and 
30 a second encryption processing unit (1 41 4) for 

performing encryption with a third public en- 
cryption key; 

said second decryption processing unit is con- 
trolled by said control unit to decrypt and extract 
35 said third public encryption key encrypted with 

said third symmetric key and sent from the side 
of said externally designated terminal in re- 
sponse to the designation of said transfer op- 
eration mode; 

40 said second encryption processing unit en- 

crypts said license key and said license infor- 
mation data with said third public encryption 
key in response to the designation of said trans- 
fer operation mode; 

45 said first encryption processing unit receives 

and encrypts the output of said second encryp- 
tion processing unit based on said third sym- 
metric key for applying the encrypted output to 
said second interface unit; 

50 said control unit erases said license information 

data stored in said second memory unit in re- 
sponse to designation of said transfer operation 
mode; and 

said first memory unit applies said encrypted 
55 content data to said second interface unit in re- 

sponse to designation of said transfer operation 
mode. 
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9. The data distribution system according to claim 7, 
wherein 

said distributed data decoding unit further in- 
cludes a control unit for controlling said distributed 
data decoding unit in response to a duplication op- 
eration mode for transferring said encrypted con- 
tent data to externally designated another terminal, 
and 

said first memory unit applies said encrypted 
content data to said second interface unit in re- 
sponse to designation of said duplication operation 
mode. 

10. The data distribution system according to claim 4, 
wherein 

said distributed data decoding unit further in- 
cludes: 

a third session key generating unit (1432) for 
producing said second symmetric key and 
a third encryption processing unit ( 1 430) for en- 
crypting and applying the output of said third 
session key generating unit to said second in- 
terface unit. 

11 . The data distribution system according to claim 1 0, 
wherein 

said distributed data decoding unit further in- 
cludes a control unit for determining reproducibility 
based on the license information data stored in said 
second memory unit in response to the externally 
instructed reproducing operation mode, and con- 
trolling the operations of said distributed data de- 
coding unit; 

said third encryption processing unit encrypts 
the output of said third session key generating unit 
with a fourth public encryption key and output the 
encrypted output to said second interface unit; 

said first encryption processing unit is control- 
led by said control unit to receive said license key 
from said third decryption processing unit in re- 
sponse to the instruction of the reproducing opera- 
tion of said content data, and encrypt the received 
license key with a third symmetric key for output; 

said first memory unit is controlled by said 
control unit to output said encrypted content data in 
response to the instruction of the reproducing oper- 
ation of said content data; and 

each of said terminals further includes: 

a second session key generating unit (1 502) for 
producing said third symmetric key to be updat- 
ed in response to every transmission of said en- 
crypted content data, 

a public key holding unit (1524) for applying 
said fourth public encryption key to said distrib- 
uted data decoding unit, 
a public key decrypting unit (1522) for decrypt- 



ing said second symmetric key decrypted with 
said fourth public encryption key, and 
a content data reproducing unit (1506, 1508) 
operating to receive, decrypt and extract said 
5 license key encrypted with said third symmetric 

key applied from said distributed data encrypt- 
ing unit, and operating to decrypt and repro- 
duce said encrypted content data output from 
said first memory unit with said license key 

w 

12. The data distribution system according to claim 1 1 , 
wherein said distributed data decoding unit in- 
cludes: 

'5 a control unit for controlling an operation of said 

distributed data decoding unit in accordance 
with a transfer operation mode for transferring 
said encrypted content data and said license 
information data to externally designated an- 

20 other terminal, and 

a second encryption processing unit for per- 
forming encryption with a third public encryp- 
tion key; 

said second decryption processing unit is con- 
25 trolled by said control unit to decrypt and extract 

said third public encryption key encrypted with 
said third symmetric key and sent from the side 
of said externally designated terminal in re- 
sponse to the designation of said transfer op- 
30 eration mode; 

said second encryption processing unit en- 
crypts said license key and said license infor- 
mation data with said third public encryption 
key in response to the designation of said trans- 
35 fer operation mode; 

said first encryption processing unit receives 
and encrypts the output of said second encryp- 
tion processing unit based on said third sym- 
metric key for applying the encrypted output to 
40 said second interface unit; 

said control unit erases said license information 
data stored in said second memory unit in re- 
sponse to designation of said transfer operation 
mode; and 

45 said first memory unit applies said encrypted 

content data to said second interface unit in re- 
sponse to designation of said transfer operation 
mode. 

so 1 3. The data distribution system according to claim 1 1 , 
wherein 

said distributed data decoding unit further in- 
cludes a control unit for controlling said distributed 
data decoding unit in response to a duplication op- 
55 eration mode for transferring said encrypted con- 
tent data to externally designated another terminal, 
and 

said first memory unit applies said encrypted 
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content data to said second interface unit in re- 
sponse to designation of said duplication operation 
mode. 

14. The data distribution system according to claim 1, 
wherein 

said first and second interface units are con- 
nected together over a cellular phone network, and 

said content data supply device authenticates 
said user based on said first public encryption key. 

15. The data distribution system according to claim 1, 
wherein 

said first interface unit includes a connecting 
unit (201 0) directly connectable to said terminal. 

16. The data distribution system according to claim 2, 
wherein 

said first interface unit includes a connecting 
unit (2030) directly connectable to said memory 
card. 

17. A data distribution system for distributing at least 
one of encrypted data and a license key for decrypt- 
ing said encrypted content data from a content data 
supply device to each of terminals of a plurality of 
users, comprising: 

a first interface unit (350) for externally trans- 
mitting data; 

a first session key generating unit (314) for pro- 
ducing a first symmetric key to be updated in 
response to every transmission of said encrypt- 
ed content data; 

a session key encryption processing unit (316) 
for encrypting said first symmetric key with a 
first public encryption key predetermined cor- 
responding to said user's terminal, and apply- 
ing the encrypted first symmetric key to said 
first interface unit; 

a session key decrypting unit (31 8) for decrypt- 
ing and extracting a second symmetric key and 
a second public encryption key both encrypted 
with said first symmetric key and returned; 
a first license data encryption processing unit 
(320) for encrypting a license key for decrypting 
said encrypted content data with said second 
public encryption key decrypted by said ses- 
sion key decrypting unit; and 
a second license data encryption processing 
unit (322) for further encrypting an output of 
said first license data encryption processing 
unit with said second symmetric key, and ap- 
plying the encrypted output to said first inter- 
face unit for distribution, wherein 

each of said terminals includes: 



a second interface unit for externally transmit- 
ting the data, and 

a distributed data decoding unit (140) for re- 
ceiving and storing said encrypted content data 
s and said license key; 

said distributed data decoding unit includes: 

a first key holding unit (1402) for holding a 
first private decryption key for decrypting 
10 the data encrypted by said first public en- 

cryption key, 

a first decryption processing unit (1 404) for 
receiving and decrypting said first symmet- 
ric key encrypted with said first public en- 

*s cryption key, 

a second key holding unit (1405) for hold- 
ing a second public encryption key, 
a second session key generating unit 
( 1 432) for producing said second symmet- 

20 ric key, 

a first encryption processing unit (1 406) for 
encrypting said second public encryption 
key and said second symmetric key based 
on said first symmetric key, and outputting 

25 the encrypted keys to said second inter- 

face unit, 

a second decryption processing unit 
(1410) for receiving the license key en- 
crypted by said second license data en- 

30 cryption processing unit, and decrypting 

the received license key based on said 
second symmetric key, 
a memory unit for storing said encrypted 
content data allowing decryption with said 

35 license key, 

a third key holding unit (1415) for holding 
a second private decryption key for de- 
crypting the data encrypted with said sec- 
ond public encryption key, 

40 a third decryption processing unit (1416) 

for decrypting and extracting said license 
key with said second private decryption 
key based on a result of the decryption by 
said second decryption processing unit, 

45 and 

a first authentication data holding unit 
(1442) for encrypting first authentication 
data containing at least said first public en- 
cryption key in a manner decodable with a 

so public authentication key, and holding the 

encrypted first authentication data for ex- 
ternal output; and 

said content data supply device further in- 
55 eludes: 

a first authentication decryption processing unit 
(326) for decrypting and extracting said exter- 
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nalty applied first authentication data decoda- 
ble with said public authentication key, and 
a distribution control unit (312) for performing 
authentication processing based on said first 
authentication data extracted by said first au- 5 
thentication decryption processing unit, and de- 
termining at least whether the license key is to 
be distributed or not. 



18. The data distribution system according to claim 17, 
wherein 

said memory unit includes first memory 
means (1412) for storing said license key and said 
encrypted content data each decrypted by said sec- 
ond decryption processing unit into a form decoda- 
ble with said second private decryption key. 

19. The data distribution system according to claim 17, 
wherein said memory unit includes: 

first memory means (1412) for storing said en- 
crypted content data, and 
second memory means (1500) for storing said 
license key decrypted by said third decryption 
processing unit. 

20. The data distribution system according to claim 17, 
wherein 

said distributed data decoding unit is a mem- 
ory card releasably attached to said terminal, 

said first private decryption key takes a value 
predetermined depending on the type of said mem- 
ory card, and 

said second private decryption key is unique 
to each of said memory cards. 

21 . The data distribution system according to claim 17, 
wherein 

said first private decryption key takes a value 
predetermined depending on a type of said distrib- 
uted data decoding unit, and 

said second private decryption key is unique 
to said distributed data decoding unit. 

22. The data distribution system according to claim 1 7, 
wherein 

each of said terminals further includes a con- 
tent reproducing unit, and 

said content reproducing unit further includes 
a second authentication data holding unit (1 525) for 
encrypting second authentication data including at 
least a predetermined third public encryption key in- 
to a form decodable with said public authentication 
key, and holding the encrypted second authentica- 
tion data for external output. 

23. The data distribution system according to claim 22, 
wherein 



said first authentication decryption process- 
ing unit further decrypts said second authentication 
data encrypted into a form decodable with said pub- 
lic authentication key, and outputs the said second 
authentication data, and 

said distribution control unit performs authen- 
tication based on said first and second authentica- 
tion data extracted by said first authentication de- 
cryption processing unit, and determines at least 
10 whether the license key is to be distributed or not. 

24. The data distribution system according to claim 17, 
wherein 

said first and second interface units are con- 
's nected over a cellular phone network. 

25. The data distribution system according to claim 17, 
wherein 

said first interface unit includes a connecting 
20 unit directly connectable to said terminal. 

26. The data distribution system according to claim 20, 
wherein 

said first interface unit includes a connecting 
25 unit directly connectable to said data storing unit. 

27. The data distribution system according to claim 26, 
wherein 

said distributed data decoding unit includes a 
30 plurality of terminals (1 462.0 - 1 462.3) for receiving 
data from said connecting unit, and 

the number of the terminals receiving the data 
from said connecting unit is changeable in accord- 
ance with an externally applied instruction. 

35 

28. The data distribution system according to claim 22, 
wherein 

said memory unit receives the output of said 
second decryption processing unit, and stores said 
40 license key encrypted into a form decodable with 
said second private decryption key; 

said content reproducing unit includes: 

a fourth key holding unit (1520) for holding a 
45 third private decryption key used for decrypting 

the data encrypted with said third public encryp- 
tion key, 

a fourth decryption processing unit (1522) for 
decrypting and extracting said second symmet- 
so ric key externally encrypted with said third pub- 

lic encryption key, 

a third session key generating unit (1502) for 
producing a third symmetric key, 
a second encryption processing unit (1504) for 
55 encrypting said third symmetric key based on 

said second symmetric key decrypted and ex- 
tracted by said fourth decryption processing 
unit, 
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a fifth decryption processing unit (1506) for de- 
crypting and extracting the license key encrypt- 
ed outside said content reproducing unit based 
on said third symmetric key, and 
a data reproducing unit (1508) for decrypting 
and reproducing the encrypted content data re- 
corded in said memory unit with said extracted 
license key; 

said distributed data decoding unit includes: 

a second authentication decryption processing 
unit (1452) for extracting said third public en- 
cryption key by decrypting said second authen- 
tication data taking an encrypted form decoda- 
ble with said public authentication key and ap- 
plied from said content reproducing unit, 
a third encryption processing unit (1 430) for en- 
crypting said second symmetric key produced 
by said second session key generating unit 
based on said third public encryption key, and 
a control unit (1 420) for instructing said first en- 
cryption processing unit to receive said third 
symmetric key encrypted with said second 
symmetric key by said content reproducing 
unit, encrypt said license key prepared by de- 
crypting the data stored in said memory unit 
with said second private decryption key, based 
on said third symmetric key decrypted by said 
second decryption processing unit (1410) 
based on said second symmetric key, and out- 
put the encrypted license key to said content 
reproducing unit; and 

said control unit performs the authentication 
based on said second authentication data de- 
crypted by said second authentication decryp- 
tion processing unit, and determines whether 
at least the license key is to be output or not. 

29. The data distribution system according to claim 20, 
wherein 

said memory unit receives the output of said 
second decryption processing unit, and stores said 
license key encrypted into a form decodable with 
said second private decryption key; 

said distributed data decoding unit includes: 

a second authentication decryption processing 
unit (1452) operating, for transferring at least 
said license key to a different distributed data 
decoding unit of another terminal, in accord- 
ance with the transferprocessing instructed ex- 
ternally with respect to said distributed data de- 
coding unit to decrypt with said public authen- 
tication key the first authentication data in an 
encrypted form decodable with said public au- 
thentication key applied from said different dis- 
tributed data decoding unit, and extract said 



first public encryption key in said different dis- 
tributed data decoding unit, 
a third encryption processing unit (1430) for en- 
crypting said second symmetric key with said 
first public encryption key of said different dis- 
tributed data decoding unit, and 
a fourth encryption processing unit (1414) for 
performing encryption wit the second public en- 
cryption key of said different distributed data 
decoding unit; 

said second session key generating unit gen- 
erates said second symmetric key in accordance 
with said transfer processing; 

said second decryption processing unit oper- 
ates in accordance with said transfer operation to 
decrypt and extract a fourth symmetric key encrypt- 
ed with said second symmetric key and applied from 
said different distributed data decoding unit and the 
second public encryption key of said different dis- 
tributed data decoding unit; 

said third decryption processing unit operates 
in accordance with said transfer processing to de- 
crypt, based on said second private decryption key, 
the data encrypted with said second public encryp- 
tion key stored in said memory unit, and extract the 
license key; 

said fourth encryption processing unit oper- 
ates in accordance with said transfer processing to 
encrypt said extracted license key based on said 
second private decryption key of said different dis- 
tributed data decoding unit; 

said first decryption processing unit operates 
in accordance with said transfer processing to en- 
crypt the output of said fourth encryption processing 
unit with said fourth symmetric key, and output the 
encrypted output to said different distributed data 
decoding unit; and 

said control means performs authentication 
processing based on the second authentication da- 
ta output from said different data decoding unit and 
extracted by said authentication decryption 
processing unit, and determines at least whether 
the license key is to be output or not. 

30. The data distribution system according to claim 29, 
wherein 

said different distributed data decoding unit 
operates in said authentication decrypting process- 
ing such that said first authentication data holding 
unit outputs said first authentication data in accord- 
ance with the transfer operation instructed outside 
externally with respect to said different distributed 
data decoding unit for transferring at least said It- 
cense key from said distributed data decoding unit; 

said first decryption processing unit operates 
in accordance with said transfer processing to de- 
crypt and extract said second symmetric key en- 
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crypted with said first public encryption key applied 
from said distributed data decoding unit and gener- 
ated by said distributed data decoding unit; 

said second session key generating unit gen- 
erates said fourth symmetric key in accordance with 
said transfer acceptance processing; 

said first encryption processing unit operates 
in accordance with said transfer acceptance 
processing to encrypt and output said second public 
encryption key and said fourth symmetric key based 
on said second symmetric key; and 

said second public decryption processing unit 
decrypts the license key encrypted with said second 
public encryption key in said distributed data decod- 
ing unit and further encrypted with said fourth sym- 
metric key, and recording the decoded license key 
in said memory unit. 

31 . The data distribution system according to claim 26, 
wherein 

said content data supply device further in- 
cludes: 

a fifth key holding unit for holding a fifth sym- 
metric key common to said content reproducing 
unit, and 

a third license encryption processing unit for 
encrypting said license key based on said fifth 
symmetric key held by said fifth key holding 
unit, and outputting said encrypted license key 
to said first license encryption processing unit; 
and 



said content reproducing unit further includes: 

sixth key holding means for holding a fourth pri- 
vate decryption key allowing decryption of the 
5 data encrypted with the fourth public encryption 

key, and 

a fifth decryption processing unit arranged be- 
tween said fourth decryption processing unit 
and said data reproducing unit for decrypting 
10 the output of said fourth decryption processing 

unit with the fourth private decryption key to ex- 
tract and output said license key to said data 
reproducing unit. 

15 33. The data distribution system according to claim 20, 
wherein said terminal includes a plurality of distrib- 
uted data decoding unit. 



25 



10 



said content reproducing unitfurther includes: 

35 

sixth key holding means for holding said fifth 
symmetric key, and 

a fifth decryption processing unit arranged be- 
tween said fourth decryption processing unit 
and said data reproducing unit for decrypting *o 
the output of said fourth decryption processing 
unit with said fifth symmetric key held by said 
sixth key holding unit to extract and output said 
license key to said data reproducing unit. 

45 

32. The data distribution system according to claim 26, 
wherein said content data supply device further in- 
cludes: 

a fifth key holding unit for holding a fourth public so 
encryption key allowing decoding by said con- 
tent reproducing unit, and 
a third license encryption processing unit for 
encrypting said license key based on said 
fourth public encryption key to output the en- 55 
crypted license key to said first license key en- 
cryption processing unit; and 
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